Windows Analysis Report
2Wr5r2e9vo.msi

Overview

General Information

Sample name: 2Wr5r2e9vo.msi
renamed because original name is a hash value
Original sample name: 8ef787b0f11fcb0d5d9fe3b209bb5526.msi
Analysis ID: 1562073
MD5: 8ef787b0f11fcb0d5d9fe3b209bb5526
SHA1: e5f31bfe6f080679807333760f18281abfd17adc
SHA256: d66bdcb1c0a4f2e5452c852e24e001d153a9c9de1d7a692cb5f1ede5e056f1fa
Tags: msi, user-abuse_ch

Detection

Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found API chain indicative of debugger detection
Performs DNS queries to domains with low reputation
Tries to resolve many domain names, but no domain seems valid
Checks for available system drives (often done to infect USB drives)
Connects to many different domains
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Executes massive DNS lookups (> 100)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • msiexec.exe (PID: 4364 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2Wr5r2e9vo.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2536 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4196 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding C87318A1E88CD27EAD404D332FBFE39C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • icacls.exe (PID: 1020 cmdline: "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\." /SETINTEGRITYLEVEL (CI)(OI)HIGH MD5: 2E49585E4E08565F52090B144062F97E)
        • conhost.exe (PID: 4440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • expand.exe (PID: 6628 cmdline: "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files MD5: 544B0DBFF3F393BCE8BB9D815F532D51)
        • conhost.exe (PID: 4616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • anterra.exe (PID: 5588 cmdline: "C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe" /VERYSILENT /VERYSILENT MD5: DF5B588DABBB47648D6FEF8ABBC59064)
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://keoqiqigggqkcykq.xyz:443/api/client_hello Avira URL Cloud: Label: malware
Source: keoqiqigggqkcykq.xyz Virustotal: Detection: 12%
Source: oqsakkimkesccikc.xyz Virustotal: Detection: 5%
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\4244ba815cc94a57841dfebadb3b6b17$dpx$.tmp\8cccbf84c3e089418139dd95981f2766.tmp ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe (copy) ReversingLabs: Detection: 31%
Source: 2Wr5r2e9vo.msi Virustotal: Detection: 28%
Source: 2Wr5r2e9vo.msi ReversingLabs: Detection: 29%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 97.2% probability
Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: 2Wr5r2e9vo.msi, 3a9a03.msi.2.dr, MSI9DBC.tmp.2.dr
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe Code function: 13_2_005C239E _free,_free,FindFirstFileExW,_free,13_2_005C239E
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe Code function: 13_2_005C244F FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,13_2_005C244F

Networking

Source: unknownDNS traffic detected: query: eyoaceoookqskqmy.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kkcqgowgkcoyokcu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: oyekqyccewougasu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ucmioacycscyeouk.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qusmiuqmmgqsgeci.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gwyooeiscmwguqms.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: yqeugeoquqsokgqk.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ukicsmiwggcwksam.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: osaymwoggqqycmse.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: awwomgcseeqwkkom.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: csoqiicgaaiyyoom.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: cmukociggiqcouio.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aqgmgoqcoqqkguyk.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: iyaqqeamygmakcgo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: cyyukyomsoiqyyqa.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uwimwwicgcscuoku.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: keguuyioweymiaws.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: omgooecquoweeomo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kuiqsugkqeoscguo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ggeqowwmmmeekigg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wukaqiusicksuguo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uowgcyqcgaqiumoi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ieikmuieoqqmugwu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: guimuaoiecmouigq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: igaiseoqksuoukqg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aaiouwywwcwuuasm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: equmqmqwuuuioawa.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qgkgogieieoomkqq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kuywuskkgqsigqqs.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aosywgkogcissggi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ukekykoqskumoikg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: myoyccuwcyaygceg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gcikuiqswcgsscog.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ymsaymyugccysmow.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: miigookwguakmkeu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mssaogwocegysoow.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: oywgqkusocouysua.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: quoqoooiamqkkosc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: yyimcoiwgckeakcm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ekcwemuekgqsimae.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: oqsakkimkesccikc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: eqmycgagykgkqwsu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uwgicagyykoommga.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: omgcoecwsqiuqyug.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ggicikyqcaiyguee.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: owaaygsacguucaye.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aomaeyokqgsuomii.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mgseamqmgkqcuewy.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ssagiiaauyewiswa.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: iyaikmkkowcqemsi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wgqyouayikuyuqmk.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ecgkeyeueawgcuqo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mgwmkyyqckeewgce.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: smoswyoekkccyuga.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wgyimykogekgewoa.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: koecgqggegimaeya.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: giqukkwwcwgqcisg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ucwesqiquqggymqe.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ywyawywiuyecuiuu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qumaseqmggyaiauq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaoweoyqcuuykwgu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: okkyekwuommcicqi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: iymukyseoieqccac.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: goeykqccmemkswom.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kqoceoymymoicqky.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qascmswkaisogoaq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: isaeicumkcuwqmqq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: smckcsaioceiyasu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ucuiiwcwwgimkyyi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ysiwwoeeaaskykaw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kuiomoiwauwckqeq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: yyemsyoimicqmais.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: eqakguiwiqacqiwg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ikwyooieywakeqog.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wsaekoiomeagsaes.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: cyqaqqcqamemsiog.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mismuqiygyeysaoo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uiguoqqagkiuagyc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wockoyekyageakcg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ecimsaauyieykegi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: osmoygyawqmmimkq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ukaiiiyqoooycyqm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mmymmauyiiksiugu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: eqgwaamacqweiwie.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wmoamsauiwauoosg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: omuquowgiusiesgk.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: iagisciiyoemgwaa.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mgiwaegaqyyaakwy.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: iqcqqquiwomgsmma.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: sauygqecsusickcu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: eqyyguuwsyqaqgsq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kwuuwgemogmuomwq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: waqucgoeeeeymeii.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: csmgwcogqqcwseka.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: owoksuegymmgesys.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: maiyuocqqiqiiskw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uymiagmwmqmimewm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mywaqkeaawisisky.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wucwykasawokemaw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ceoqyeiycqkumwao.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qgkmsekougssaawq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: saumycuogqsqykes.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aoosomigeaiewqom.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qogsmcecyusiyaim.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: oekcyqqggaegsesm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ykqocceawkwoagmc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qwqsoyoqkymakowm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: smwsugycuuckemue.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wgymkeismmiemsqq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: maoeeogmuauywsyu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: muwqwgaaymomgwmi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ceucuuwiwwuiweaq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aqaqgemescmwsqks.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uokqeaieowiogsgc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kccmicaswqmswwak.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: cyswykkcmggyiqwo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: imigkomgmqgmakqk.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ssegwgieumyoasym.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: omasqkwqyskcagwi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uoigsiqmemcscosu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: cauewwukyywyqiei.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qiqueqokwqqgwwci.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ieywwkeuouoqgqms.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: sksiyqgummyycgmi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: auuisqaykqgeesae.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: eyiyueewuaqmmwcm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kwmcuwccqmuecgea.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: cseksqccmgaieyic.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ysawassgkwqygmmq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: myisokqwsmqeusuy.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mocikyoeikocwkuc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ywcuqkkmmqioiwqk.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: oqouwceoowyiwgag.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ewacuagosgqmuocm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ywegqamoegumacgi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: owewoieiwasaueco.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: koioiiwouukqousy.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ewywcoeukaoaegci.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kcyoeiykekuqkkmg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uccyyemqaiiksuwm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kigcewceemkckeow.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: oekyamueeiiousia.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: yekiwquqaacesqqq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ymmcwogyimsuqmcc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kkwkgmcoawgaoiwg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aamuskacaaiycguu.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: waokmuyyeooamowm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wmqcgwcegsomeqas.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wacqigcacsemkyos.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: awyomscgweuqmgaw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: cogsyycsuwoysugi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: auowmussgaesgwas.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: mmygsewuukqkiiok.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: yqocoeikiyacyuck.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: cykgmsqcgysgaioo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aikmouciiqgecoqi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wgswkwaesqqwkoaa.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: yqqsggacauiiugka.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qcyksokwumicscaa.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: aqmqywkwsmmayyoi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: sesyieaiesegeaow.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wcgqccqcugomywua.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ggkyuooyikmqoscw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gmwcscokucowyogs.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: eigkgwkyuqssgamw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uowowiqiyeiuwmcc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: eswweuycwwiiykwo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: yequgaccqouegcmw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uyqcacmsiquuwggq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qqqmeagkkosgcayo.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ggkyecqguqkkuoso.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: waeqwwagawqkksya.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uecouukwkuceyuwg.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: kecgikusmakuksma.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qoiiomimuoaqgeku.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: quuemeewaqaiiyqc.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ocsqocikkcggeaaw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uksgyqiqaaiaiesi.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: uiggameqqycugsqw.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: immcqsiceooqyaay.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: acacoiqgoimayqwm.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: yqcakkmwigkaumii.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ososokqeakgguwsq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: csiykwakekqoqaym.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: goguooqkgysueime.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: wuuiumemmigyyauq.xyz replaycode: Name error (3)
Source: unknownDNS traffic detected: query: iqcaysimoeeqamky.xyz replaycode: Name error (3)
Source: unknown | Network traffic detected: DNS query count 336
Source: global traffic | DNS traffic detected: number of DNS queries: 336
Source: Joe Sandbox View | ASN Name: GLESYS-ASSE GLESYS-ASSE
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_004EA5B0 recv,recv,13_2_004EA5B0
Source: global traffic | HTTP traffic detected: GET /api/client_hello HTTP/1.1 Accept: */* Connection: close Host: keoqiqigggqkcykq.xyz:443 User-Agent: cpp-httplib/0.12.1
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown | Network traffic detected: HTTP traffic on port 49797 -> 443
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\3a9a03.msi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\SourceHash{D425ECE9-AA22-4FB8-9E95-B5A59C391C55}
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI9DBC.tmp
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004FF0F013_2_004FF0F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052E08013_2_0052E080
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053B15013_2_0053B150
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056315013_2_00563150
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0046916013_2_00469160
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056217013_2_00562170
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050011013_2_00500110
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0054211013_2_00542110
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057510013_2_00575100
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004B511013_2_004B5110
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0047212013_2_00472120
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004AC12013_2_004AC120
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004671D013_2_004671D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004B31D013_2_004B31D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052B1F013_2_0052B1F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004551E013_2_004551E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057B1E013_2_0057B1E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0051419013_2_00514190
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004CD18013_2_004CD180
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050E1A013_2_0050E1A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053D1A013_2_0053D1A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057E1A013_2_0057E1A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053E25013_2_0053E250
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004FB24013_2_004FB240
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004FA24013_2_004FA240
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004C425013_2_004C4250
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0045626013_2_00456260
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052F21013_2_0052F210
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0048120013_2_00481200
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004BF20013_2_004BF200
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052220013_2_00522200
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0046021013_2_00460210
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0047021013_2_00470210
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005762F013_2_005762F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050D2E013_2_0050D2E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004462F013_2_004462F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057D2E013_2_0057D2E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005892E013_2_005892E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004DA2F013_2_004DA2F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0044F28013_2_0044F280
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004C729013_2_004C7290
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005352A013_2_005352A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050C34013_2_0050C340
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0054631013_2_00546310
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0051330013_2_00513300
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0051E30013_2_0051E300
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053A30013_2_0053A300
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0047E31013_2_0047E310
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0049E31013_2_0049E310
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005253F013_2_005253F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004AE3E013_2_004AE3E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0049B39013_2_0049B390
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004523A013_2_004523A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053745013_2_00537450
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0055745013_2_00557450
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057245013_2_00572450
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004A845013_2_004A8450
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0054947013_2_00549470
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0058247013_2_00582470
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004FE46013_2_004FE460
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052641013_2_00526410
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053641013_2_00536410
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0044B42013_2_0044B420
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0047442013_2_00474420
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004F042013_2_004F0420
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004CE4C013_2_004CE4C0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005394C013_2_005394C0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004D34D013_2_004D34D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004E64D013_2_004E64D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004544E013_2_004544E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0055B4E013_2_0055B4E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004974F013_2_004974F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004C04F013_2_004C04F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053249013_2_00532490
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0049F48013_2_0049F480
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050848013_2_00508480
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004CA4A013_2_004CA4A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004E24A013_2_004E24A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005014A013_2_005014A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056655013_2_00566550
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056454013_2_00564540
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0046B56013_2_0046B560
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0058751013_2_00587510
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0051750013_2_00517500
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057950013_2_00579500
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004FD51013_2_004FD510
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004E753013_2_004E7530
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005285C013_2_005285C0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004515E013_2_004515E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056E5E013_2_0056E5E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0044D5B013_2_0044D5B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004505B013_2_004505B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0044764013_2_00447640
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004E565013_2_004E5650
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050A66013_2_0050A660
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050C66013_2_0050C660
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0054661013_2_00546610
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057763013_2_00577630
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004C362013_2_004C3620
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004DB62013_2_004DB620
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0054162013_2_00541620
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0055462013_2_00554620
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056D62013_2_0056D620
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004D163013_2_004D1630
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005386C013_2_005386C0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056F6C013_2_0056F6C0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005486F013_2_005486F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0049C69013_2_0049C690
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004A16A013_2_004A16A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004996B013_2_004996B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004A06B013_2_004A06B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004D06B013_2_004D06B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050E77013_2_0050E770
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0044F76013_2_0044F760
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0047F76013_2_0047F760
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0046877013_2_00468770
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0047373013_2_00473730
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0049B73013_2_0049B730
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052C7D013_2_0052C7D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005337D013_2_005337D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004647C013_2_004647C0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057A7D013_2_0057A7D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056B7C013_2_0056B7C0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004B97D013_2_004B97D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0055E7E013_2_0055E7E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052979013_2_00529790
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004C578013_2_004C5780
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053478013_2_00534780
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005AD78013_2_005AD780
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005107B013_2_005107B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050785013_2_00507850
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052A85013_2_0052A850
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0055C85013_2_0055C850
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057F85013_2_0057F850
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0051484013_2_00514840
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0058784013_2_00587840
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0045286013_2_00452860
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0058A87013_2_0058A870
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004CB86013_2_004CB860
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004F687013_2_004F6870
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0049C81013_2_0049C810
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004F581013_2_004F5810
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005C783D13_2_005C783D
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005218C013_2_005218C0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057D8F013_2_0057D8F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052D8E013_2_0052D8E0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005428B013_2_005428B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005748B013_2_005748B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005B08B013_2_005B08B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004F48B013_2_004F48B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004AB94013_2_004AB940
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004CD94013_2_004CD940
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0044995013_2_00449950
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0052B91013_2_0052B910
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050093013_2_00500930
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0051C92013_2_0051C920
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005689D013_2_005689D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004D29D013_2_004D29D0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056D9F013_2_0056D9F0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0050A99013_2_0050A990
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004AC98013_2_004AC980
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004B69A013_2_004B69A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057C9A013_2_0057C9A0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004DA9B013_2_004DA9B0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00531A5013_2_00531A50
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00549A4013_2_00549A40
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00530A6013_2_00530A60
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004F8A0013_2_004F8A00
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004E0A1013_2_004E0A10
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00541A2013_2_00541A20
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00557A2013_2_00557A20
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005B7A2D13_2_005B7A2D
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053AAF013_2_0053AAF0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004AFA8013_2_004AFA80
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0056AA8013_2_0056AA80
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0051AAB013_2_0051AAB0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00446AA013_2_00446AA0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00520AA013_2_00520AA0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0044BAB013_2_0044BAB0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00537B5013_2_00537B50
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053CB5013_2_0053CB50
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004D1B5013_2_004D1B50
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004E3B6013_2_004E3B60
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004FBB7013_2_004FBB70
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00450B0013_2_00450B00
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004EDB2013_2_004EDB20
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00456BC013_2_00456BC0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00454BC013_2_00454BC0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004B3BC013_2_004B3BC0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004FFBD013_2_004FFBD0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00532BF013_2_00532BF0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00558BE013_2_00558BE0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00483B8013_2_00483B80
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0057BBB013_2_0057BBB0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_004C2BA013_2_004C2BA0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00463BB013_2_00463BB0
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0047CC5013_2_0047CC50
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_00522C7013_2_00522C70
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_0053DC6013_2_0053DC60
Source: Joe Sandbox View | Dropped File: C:\Windows\Installer\MSI9DBC.tmp FD622CF73EA951A6DE631063ABA856487D77745DD1500ADCA61902B8DDE56FE1
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: String function: 005AC1A0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: String function: 00454260 appears 48 times
Source: classification engine | Classification label: mal88.troj.evad.winMSI@12/12@342/1
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4440:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4616:120:WilError_03
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\TEMP\~DFDBE736A01738D6FA.TMP
Source: C:\Windows\SysWOW64\msiexec.exe | File read: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\msiwrapper.ini
Source: C:\Windows\SysWOW64\icacls.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 2Wr5r2e9vo.msi | Virustotal: Detection: 28%
Source: 2Wr5r2e9vo.msi | ReversingLabs: Detection: 29%
Source: unknown | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2Wr5r2e9vo.msi"
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C87318A1E88CD27EAD404D332FBFE39C
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\SysWOW64\icacls.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
Source: C:\Windows\SysWOW64\expand.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe "C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe" /VERYSILENT /VERYSILENT
Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, msi.dll, srpapi.dll, kernel.appcore.dll, tsappcmp.dll, uxtheme.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, textshaping.dll, netapi32.dll, wkscli.dll, netutils.dll, version.dll, mscoree.dll, profapi.dll, sspicli.dll, msihnd.dll, pcacli.dll, mpr.dll
Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, tsappcmp.dll, userenv.dll, profapi.dll, sspicli.dll, netapi32.dll, wkscli.dll, netutils.dll, srclient.dll, spp.dll, powrprof.dll, vssapi.dll, vsstrace.dll, umpdc.dll, wldp.dll, mscoree.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, windows.storage.dll, pcacli.dll, mpr.dll, ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, sspicli.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, uxtheme.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll
Source: C:\Windows\SysWOW64\icacls.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\expand.exe | Section loaded: cabinet.dll, dpx.dll, cryptsp.dll, wdscore.dll, dbghelp.dll, dbgcore.dll, rsaenh.dll, cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Section loaded: apphelp.dll, cryptbase.dll, uxtheme.dll, kernel.appcore.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll
Source: C:\Windows\SysWOW64\msiexec.exe | File written: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\msiwrapper.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: 2Wr5r2e9vo.msi | Static file information: File size 1908736 > 1048576
Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: 2Wr5r2e9vo.msi, 3a9a03.msi.2.dr, MSI9DBC.tmp.2.dr
Source: 8cccbf84c3e089418139dd95981f2766.tmp.6.dr | Static PE information: section name: .00cfg
Source: 8cccbf84c3e089418139dd95981f2766.tmp.6.dr | Static PE information: section name: .voltbl
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_00492A50 push eax; mov dword ptr [esp], ecx | 13_2_00492A52
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_00455170 push eax; mov dword ptr [esp], ecx | 13_2_00455173
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_005AC35A push ecx; ret | 13_2_005AC36D
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_00461390 push eax; mov dword ptr [esp], ecx | 13_2_00461391
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_0046F4B0 push eax; mov dword ptr [esp], ecx | 13_2_0046F4B5
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_005155D0 push eax; mov dword ptr [esp], ecx | 13_2_005155D5
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_004636F0 push eax; mov dword ptr [esp], ecx | 13_2_004636F5
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_00492940 push eax; mov dword ptr [esp], ecx | 13_2_00492944
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_00453AD0 push eax; mov dword ptr [esp], ecx | 13_2_00453AD3
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_00456B50 push eax; mov dword ptr [esp], ecx | 13_2_00456B53
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_00454EB0 push eax; mov dword ptr [esp], ecx | 13_2_00454EB3
Source: 8cccbf84c3e089418139dd95981f2766.tmp.6.dr | Static PE information: section name: .text entropy: 6.985757444463032
Source: C:\Windows\SysWOW64\expand.exe | File created: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe (copy)
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI9DBC.tmp
Source: C:\Windows\SysWOW64\expand.exe | File created: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\4244ba815cc94a57841dfebadb3b6b17$dpx$.tmp\8cccbf84c3e089418139dd95981f2766.tmp
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Thread delayed: delay time: 599983
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Window / User API: threadDelayed 516
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Window / User API: threadDelayed 1181
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Window / User API: threadDelayed 6150
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Window / User API: threadDelayed 1502
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI9DBC.tmp
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes | graph_13-70199
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe TID: 5648 | Thread sleep count: 516 > 30
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe TID: 5648 | Thread sleep time: -309600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe TID: 5648 | Thread sleep count: 1181 > 30
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe TID: 5648 | Thread sleep count: 346 > 30
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe TID: 5648 | Thread sleep count: 6150 > 30
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe TID: 5648 | Thread sleep time: -599983s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe TID: 5648 | Thread sleep count: 1502 > 30
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe TID: 5648 | Thread sleep count: 39 > 30
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\expand.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_005C239E _free,_free,FindFirstFileExW,_free | 13_2_005C239E
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_005C244F FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free | 13_2_005C244F
Source: anterra.exe, 0000000D.00000002.3429833371.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep | graph_13-69971
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_005AC026 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 13_2_005AC026
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_005BFB86 mov eax, dword ptr fs:[00000030h] | 13_2_005BFB86
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_005B1598 mov eax, dword ptr fs:[00000030h] | 13_2_005B1598
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_005BFB55 mov eax, dword ptr fs:[00000030h] | 13_2_005BFB55
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe | Code function: 13_2_0047F760 GetProcessHeap,HeapFree | 13_2_0047F760
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005AC026 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_005AC026
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005ABD8B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_005ABD8B
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005B3DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_005B3DAA
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\." /SETINTEGRITYLEVEL (CI)(OI)HIGHJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* filesJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe "C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe" /VERYSILENT /VERYSILENT Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005ABDB3 cpuid 13_2_005ABDB3
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: GetLocaleInfoW,13_2_005BD093
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: EnumSystemLocalesW,13_2_005BD66D
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,13_2_005C16B7
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: EnumSystemLocalesW,13_2_005C190D
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,13_2_005C19A8
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: EnumSystemLocalesW,13_2_005C1BFB
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: GetLocaleInfoW,13_2_005C1C5A
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: GetLocaleInfoW,13_2_005C1D7A
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: EnumSystemLocalesW,13_2_005C1D2F
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,13_2_005C1E21
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: GetLocaleInfoW,13_2_005C1F27
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exeCode function: 13_2_005AC848 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,13_2_005AC848
Source: C:\Windows\SysWOW64\expand.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 Services File Permissions Weakness | 11 Process Injection | 2 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Services File Permissions Weakness | 121 Virtualization/Sandbox Evasion | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 121 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Services File Permissions Weakness | Cached Domain Credentials | 11 Peripheral Device Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 3 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 34 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph: ID 1562073, Sample: 2Wr5r2e9vo.msi, Startdate: 25/11/2024, Architecture: WINDOWS, Score: 88]

Source | Detection | Scanner | Label
2Wr5r2e9vo.msi | 29% | Virustotal |
2Wr5r2e9vo.msi | 29% | ReversingLabs | Win32.Trojan.Generic

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\4244ba815cc94a57841dfebadb3b6b17$dpx$.tmp\8cccbf84c3e089418139dd95981f2766.tmp | 32% | ReversingLabs | Win32.Worm.Zomon
C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe (copy) | 32% | ReversingLabs | Win32.Worm.Zomon
C:\Windows\Installer\MSI9DBC.tmp | 0% | ReversingLabs |

No Antivirus matches

Source | Detection | Scanner | Label
keoqiqigggqkcykq.xyz | 12% | Virustotal |
uwgicagyykoommga.xyz | 4% | Virustotal |
oqsakkimkesccikc.xyz | 5% | Virustotal |
maoeeogmuauywsyu.xyz | 4% | Virustotal |

Source | Detection | Scanner | Label
https://keoqiqigggqkcykq.xyz:443/api/client_hello | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                                                                unknown
                                                                                                                                                unknowntrue
                                                                                                                                                  unknown
                                                                                                                                                  gmmacaiigwcscggs.xyz
                                                                                                                                                  unknown
                                                                                                                                                  unknowntrue
                                                                                                                                                    unknown
                                                                                                                                                    miacggmycyqikoyq.xyz
                                                                                                                                                    unknown
                                                                                                                                                    unknowntrue
                                                                                                                                                      unknown
                                                                                                                                                      ywyawywiuyecuiuu.xyz
                                                                                                                                                      unknown
                                                                                                                                                      unknowntrue
                                                                                                                                                        unknown
                                                                                                                                                        qascmswkaisogoaq.xyz
                                                                                                                                                        unknown
                                                                                                                                                        unknowntrue
                                                                                                                                                          unknown
                                                                                                                                                          mmisquwegymayaee.xyz
                                                                                                                                                          unknown
                                                                                                                                                          unknowntrue
                                                                                                                                                            unknown
                                                                                                                                                            seuuicaewuoaumes.xyz
                                                                                                                                                            unknown
                                                                                                                                                            unknowntrue
                                                                                                                                                              unknown
                                                                                                                                                              aoosomigeaiewqom.xyz
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                suwkomiqcykeyako.xyz
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  ysiwwoeeaaskykaw.xyz
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    qusmiuqmmgqsgeci.xyz
                                                                                                                                                                    unknown
                                                                                                                                                                    unknowntrue
                                                                                                                                                                      unknown
                                                                                                                                                                      ggicikyqcaiyguee.xyz
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        uowowiqiyeiuwmcc.xyz
                                                                                                                                                                        unknown
                                                                                                                                                                        unknowntrue
                                                                                                                                                                          unknown
                                                                                                                                                                          gwoyamckoqoaauoq.xyz
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            wuusiiukmwcmimyk.xyz
                                                                                                                                                                            unknown
                                                                                                                                                                            unknowntrue
                                                                                                                                                                              unknown
                                                                                                                                                                              keosqeosukqcooco.xyz
                                                                                                                                                                              unknown
                                                                                                                                                                              unknowntrue
                                                                                                                                                                                unknown
                                                                                                                                                                                oyewqwkusieeoqey.xyz
                                                                                                                                                                                unknown
                                                                                                                                                                                unknowntrue
                                                                                                                                                                                  unknown
                                                                                                                                                                                  iqmeccigieosgmwq.xyz
                                                                                                                                                                                  unknown
                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                    unknown
                                                                                                                                                                                    eqkkkcuwkiqiecac.xyz
                                                                                                                                                                                    unknown
                                                                                                                                                                                    unknowntrue
                                                                                                                                                                                      unknown
                                                                                                                                                                                      qiqueqokwqqgwwci.xyz
                                                                                                                                                                                      unknown
                                                                                                                                                                                      unknowntrue
                                                                                                                                                                                        unknown
                                                                                                                                                                                        okkyekwuommcicqi.xyz
                                                                                                                                                                                        unknown
                                                                                                                                                                                        unknowntrue
                                                                                                                                                                                          unknown
                                                                                                                                                                                          quuemeewaqaiiyqc.xyz
                                                                                                                                                                                          unknown
                                                                                                                                                                                          unknowntrue
                                                                                                                                                                                            unknown
                                                                                                                                                                                            eigkgwkyuqssgamw.xyz
                                                                                                                                                                                            unknown
                                                                                                                                                                                            unknowntrue
                                                                                                                                                                                              unknown
                                                                                                                                                                                              keguuyioweymiaws.xyz
                                                                                                                                                                                              unknown
                                                                                                                                                                                              unknowntrue
                                                                                                                                                                                                unknown
                                                                                                                                                                                                goeykqccmemkswom.xyz
                                                                                                                                                                                                unknown
                                                                                                                                                                                                unknowntrue
                                                                                                                                                                                                  unknown
Name | Malicious | Antivirus Detection | Reputation
https://keoqiqigggqkcykq.xyz:443/api/client_hello | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
31.192.232.92 | keoqiqigggqkcykq.xyz | Russian Federation | 43948 | GLESYS-ASSE | true
                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                  Analysis ID:1562073
                                                                                                                                                                                                  Start date and time:2024-11-25 07:41:12 +01:00
                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                  Overall analysis duration:0h 6m 55s
                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                  Run name:Potential for more IOCs and behavior
                                                                                                                                                                                                  Number of analysed new started processes analysed:21
                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                  Sample name:2Wr5r2e9vo.msi
                                                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                                                  Original Sample Name:8ef787b0f11fcb0d5d9fe3b209bb5526.msi
                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                  Classification:mal88.troj.evad.winMSI@12/12@342/1
                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                  • Successful, ratio: 79%
                                                                                                                                                                                                  • Number of executed functions: 22
                                                                                                                                                                                                  • Number of non-executed functions: 129
                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                  • Found application associated with file extension: .msi
                                                                                                                                                                                                  • Close Viewer
                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 23.218.208.109
                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, prod.fs.microsoft.com.akadns.net
                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
Time | Type | Description
01:42:37 | API Interceptor | 494587x Sleep call for process: anterra.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
31.192.232.92 | aba5298f.msi | Get hash | malicious | Unknown | Browse |
 | setup.msi | Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
fp2e7a.wpc.phicdn.net | file.exe | Get hash | malicious | Credential Flusher | Browse | 192.229.221.95
 | file.exe | Get hash | malicious | Unknown | Browse | 192.229.221.95
 | Outstanding Invoices_pdf.vbs | Get hash | malicious | Remcos, GuLoader | Browse | 192.229.221.95
 | ListaItensVistoriaCorpodeBombeirosObrigatorio.msi | Get hash | malicious | AteraAgent | Browse | 192.229.221.95
 | registration.msi | Get hash | malicious | AteraAgent | Browse | 192.229.221.95
 | portal.msi | Get hash | malicious | AteraAgent | Browse | 192.229.221.95
 | Digital.msi | Get hash | malicious | AteraAgent | Browse | 192.229.221.95
 | file_66efd0132ceed.msi | Get hash | malicious | AteraAgent | Browse | 192.229.221.95
 | Guidelines_for_Citizen_Safety.msi | Get hash | malicious | AteraAgent | Browse | 192.229.221.95
 | e0#U05ea.msi | Get hash | malicious | AteraAgent | Browse | 192.229.221.95
ax-0001.ax-msedge.net | RFQ AE 3003910999.jar | Get hash | malicious | Caesium Obfuscator, STRRAT | Browse | 150.171.27.10
 | file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse | 150.171.27.10
 | file.exe | Get hash | malicious | Stealc | Browse | 150.171.27.10
 | file.exe | Get hash | malicious | Unknown | Browse | 150.171.27.10
 | file.exe | Get hash | malicious | Stealc | Browse | 150.171.27.10
 | file.exe | Get hash | malicious | Stealc | Browse | 150.171.28.10
 | lw2HMxuVuf.exe | Get hash | malicious | Unknown | Browse | 150.171.27.10
 | 17324340651fd0721b4a9b07278d0f63e6333ccd4883a9dc52eb27994b32b0d64dfb919b72906.dat-decoded.exe | Get hash | malicious | AsyncRAT, PureLog Stealer | Browse | 150.171.28.10
 | ORDER 08757646566535857_95877465434-1.exe | Get hash | malicious | FormBook | Browse | 150.171.28.10
 | file.exe | Get hash | malicious | Stealc | Browse | 150.171.27.10
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
GLESYS-ASSE | aba5298f.msi | Get hash | malicious | Unknown | Browse | 31.192.232.92
 | setup.msi | Get hash | malicious | Unknown | Browse | 31.192.232.92
 | byte.mpsl.elf | Get hash | malicious | Okiru | Browse | 79.99.1.65
 | la.bot.mips.elf | Get hash | malicious | Unknown | Browse | 194.132.103.241
 | la.bot.arm.elf | Get hash | malicious | Unknown | Browse | 194.132.75.40
 | na.elf | Get hash | malicious | Unknown | Browse | 194.132.75.55
 | PrintDriver_x64.msi | Get hash | malicious | Unknown | Browse | 31.192.232.37
 | xd.x86.elf | Get hash | malicious | Mirai | Browse | 194.132.99.68
 | rsJtZBgpwG.elf | Get hash | malicious | Mirai | Browse | 194.132.75.41
 | DocScan_20244841.js | Get hash | malicious | Unknown | Browse | 31.192.232.37
                                                                                                                                                                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Windows\Installer\MSI9DBC.tmp | wE1inOhJA5.msi | Get hash | malicious | Remcos, RHADAMANTHYS | Browse |
 | wE1inOhJA5.msi | Get hash | malicious | Unknown | Browse |
 | EVp6NE5N9g.msi | Get hash | malicious | Unknown | Browse |
 | EVp6NE5N9g.msi | Get hash | malicious | Unknown | Browse |
 | aba5298f.msi | Get hash | malicious | Unknown | Browse |
 | aba5298f.msi | Get hash | malicious | Unknown | Browse |
 | fO7yt1oYdn.msi | Get hash | malicious | Unknown | Browse |
 | fO7yt1oYdn.msi | Get hash | malicious | Unknown | Browse |
 | fO7yt1oYdn.msi | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 1597944 bytes, 1 file, at 0x2c +A "anterra.exe", ID 28617, number 1, 20998 datablocks, 0x1503 compression
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1597944
                                                                                                                                                                                                                        Entropy (8bit):5.284249670897271
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:3TnopGR274VCg0MOg44CGgRynfWMSrcJ/:spGR0ACg0MOWCwnuMacJ/
                                                                                                                                                                                                                        MD5:3EA8F867C2DAD306173D24F0A0F1C763
                                                                                                                                                                                                                        SHA1:E44EEF4FC152DC00C2AB01FF3042DFEC100BD37D
                                                                                                                                                                                                                        SHA-256:33A956FD56612688E6339D4D4486E8767AAC967A2AC808EB9FAD1AF20B4AC9B6
                                                                                                                                                                                                                        SHA-512:CB8F4DD7BA9789D4D19C038B6FBCD3412F7315381D56943BBE3C9BAD17F1C3BFBEF36E3E2564CA4FA0CAD3E0F4BEBF70EC93A2584DEC43B70D13ACC6B2A56680
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):688039936
                                                                                                                                                                                                                        Entropy (8bit):0.042704478581080584
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:DF5B588DABBB47648D6FEF8ABBC59064
                                                                                                                                                                                                                        SHA1:C9FDA90C3AB3E3328928B4E050252B2A82234CF0
                                                                                                                                                                                                                        SHA-256:3283C6AB5E25F642C170C570EE170B893916BE8DB0BF7BB27158AF054AD84B5E
                                                                                                                                                                                                                        SHA-512:BCF0688FBC5E1287F8AB52B745DFCAC8AB9E3B6267FD791E7724A2D8EB605B74A54F8CC3B97901EF59A85F4AE25FC96975265BEDB7DAEC96802AF1788E69212A
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....?g............................5.............@..........................p......_..)..@.....................................x...........................................................+.......................................................text............................... ..`.rdata........... ..................@..@.data............>..................@....00cfg..............................@..@.tls................................@....voltbl.,................................rsrc..............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):688039936
                                                                                                                                                                                                                        Entropy (8bit):0.042704478581080584
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:DF5B588DABBB47648D6FEF8ABBC59064
                                                                                                                                                                                                                        SHA1:C9FDA90C3AB3E3328928B4E050252B2A82234CF0
                                                                                                                                                                                                                        SHA-256:3283C6AB5E25F642C170C570EE170B893916BE8DB0BF7BB27158AF054AD84B5E
                                                                                                                                                                                                                        SHA-512:BCF0688FBC5E1287F8AB52B745DFCAC8AB9E3B6267FD791E7724A2D8EB605B74A54F8CC3B97901EF59A85F4AE25FC96975265BEDB7DAEC96802AF1788E69212A
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                                        Entropy (8bit):3.6916431300316406
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:LKAQQG/EnpZJFhZQ8GPZQ8Gk5SbZQ8GHA0ow:KQG/cpNQ8mQ8voNQ8B6
                                                                                                                                                                                                                        MD5:EF003284489D4945615348903AD4E9A6
                                                                                                                                                                                                                        SHA1:AC91A5649F4B7898F7421D96CD8F6D37254F16C3
                                                                                                                                                                                                                        SHA-256:C2C51490787E311148586537B48E10C6CCBBC4CFA0B0DF90108FA5B1923B8921
                                                                                                                                                                                                                        SHA-512:7739C119B0898C1D8DD5D2E6A9342FB42EBA4ED0CB17FA0D19341AFD39B661D0E0D3E9AF257BE8C649D69D518C7F8A17ABEBB7ED52582CAEF7AF41C073388B83
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:WrappedApplicationId=Google Chrome | WrappedRegistration=None | InstallSuccessCodes=0 | ElevationMode=never | BaseName=anterra.exe | CabHash=33a956fd56612688e6339d4d4486e8767aac967a2ac808eb9fad1af20b4ac9b6 | SetupParameters=/VERYSILENT  /VERYSILENT | WorkingDir= | CurrentDir=*SOURCEDIR* | UILevel=5 | Focus=yes | SessionDir=C:\Users\engineer\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\ | FilesDir=C:\Users\engineer\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\ | RunBeforeInstallFile= | Run
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Google Chrome 131.0.6778.71, Subject: Google Chrome, Author: Google LLC, Keywords: Installer, Template: Intel;1033, Revision Number: {06E54237-1D3F-447A-902F-6205E6A68006}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1908736
                                                                                                                                                                                                                        Entropy (8bit):5.605104857181301
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:Mt9cpVDhSsbTnopGR274VCg0MOg44CGgRynfWMSrcJ:rpRhSppGR0ACg0MOWCwnuMacJ
                                                                                                                                                                                                                        MD5:8EF787B0F11FCB0D5D9FE3B209BB5526
                                                                                                                                                                                                                        SHA1:E5F31BFE6F080679807333760F18281ABFD17ADC
                                                                                                                                                                                                                        SHA-256:D66BDCB1C0A4F2E5452C852E24E001D153A9C9DE1D7A692CB5F1EDE5E056F1FA
                                                                                                                                                                                                                        SHA-512:E492F1C086CAEF83EF92FD8AD8DC569A6EBE8A1D18499845B7CE2CB2DDDAED30BB193EE5F7FE581B67E838FEE81A8E689CD377E0053B201B2590FAFF796D00A0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):212992
                                                                                                                                                                                                                        Entropy (8bit):6.513409725320959
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:xspAtOdmXwCGjtYNKbYO2gjpcm8rRuqpjCL42loHUvU0yGxr5GqM2a8:jtOdiRQYpgjpjew5DHyGxcqo8
                                                                                                                                                                                                                        MD5:0C8921BBCC37C6EFD34FAF44CF3B0CB5
                                                                                                                                                                                                                        SHA1:DCFA71246157EDCD09EECAF9D4C5E360B24B3E49
                                                                                                                                                                                                                        SHA-256:FD622CF73EA951A6DE631063ABA856487D77745DD1500ADCA61902B8DDE56FE1
                                                                                                                                                                                                                        SHA-512:ED55443E20D40CCA90596F0A0542FA5AB83FE0270399ADFAAFD172987FB813DFD44EC0DA0A58C096AF3641003F830341FE259AD5BCE9823F238AE63B7E11E108
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                        • Filename: wE1inOhJA5.msi, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: EVp6NE5N9g.msi, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: aba5298f.msi, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: fO7yt1oYdn.msi, Detection: malicious, Browse
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                                                                        Entropy (8bit):0.7689374481732436
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12:JSbX72Fj4AGiLIlHVRpZh/7777777777777777777777777vDHFp+xit/l0i8Q:JKQI5tziF
                                                                                                                                                                                                                        MD5:71F6816ADF0DA6F34490D002D94C30A1
                                                                                                                                                                                                                        SHA1:38AE54E09D10ED7ABABE4E4E68EA4C7AC58C9EA7
                                                                                                                                                                                                                        SHA-256:C3414A01E3FACDC0EEE7B916FFAC3B4DE1C940C62D591D2AE86533358968BCF6
                                                                                                                                                                                                                        SHA-512:AA3022B649E38BBB2F712C788945C71601D7091BCD6D01A2E2FE30162E94078498FD866A5A7B4DE637D24F94E17E949D50C703621DAFF23F8862B174AF399D41
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                        Entropy (8bit):1.214039744312883
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:yJquwPveFXJjT5sF5bj9ddSPhrTddSBWr1l:yqQ7TmFYq
                                                                                                                                                                                                                        MD5:DE73A911516D7C2F5BD928B08E75BED2
                                                                                                                                                                                                                        SHA1:850F2D21B97CAC30AA4058D66984B4CB97482981
                                                                                                                                                                                                                        SHA-256:E7838F54780DDEC99088D8955F401D01044E34BBEB0139F6AFD3B096A7335031
                                                                                                                                                                                                                        SHA-512:6AD7199A31DC0DD8AC5F91C7CA9976EA70C1D8BFC1E52C23B35B393BAE80720BA90BFF1974E9385B20FD614FAC8B85F215D18107D08C708B56F389D5FA90C56C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):360001
                                                                                                                                                                                                                        Entropy (8bit):5.362990021074007
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauO:zTtbmkExhMJCIpEj
                                                                                                                                                                                                                        MD5:1C198C68DA4024E1D831E1F119A6BACE
                                                                                                                                                                                                                        SHA1:14F3A61BDF918017618E3F6F2E7761CCCF25B0B6
                                                                                                                                                                                                                        SHA-256:387C52EF402BB0DCEA0BFCDDAB7B6EC6F8507099EA58CB3FE14FE92F4DCE693E
                                                                                                                                                                                                                        SHA-512:97703420A1DAC20CDA21886FE75B87F3E0D0A6121DEE31A8FFA555513739D65B433EDAAFCB30C525A3B78DDF21FEF19DFDF07C946CE033BCDC1CA823D2F4E456
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):81920
                                                                                                                                                                                                                        Entropy (8bit):0.10586990789776925
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:JKBT0xJfAebfddipV7kddipVdVgwG8lrkg9S/jI+kMqoo:JQgrfddSBkddSPhrkjIzo
                                                                                                                                                                                                                        MD5:B2F15660D657F52DE53A81F94C50555A
                                                                                                                                                                                                                        SHA1:CF2E97C5DB8BDFFFB07B2B23CF8E8504AA2954A9
                                                                                                                                                                                                                        SHA-256:A60FAF39E617402337B743FE07ECB69FB73155AE32801F341C2F76CE62C84410
                                                                                                                                                                                                                        SHA-512:7B6F0688B08EFA28014D3A44F2ECB8DF188473E9C2580B6FD1785FAEE411C66A573C07C651034F2BF0ED18DA82831233DF5A4289566D8E02C1F39D6F643F17CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                        Entropy (8bit):0.07120220492646537
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOlz+Nq1tgVky6lit/:2F0i8n0itFzDHFp+eit/
                                                                                                                                                                                                                        MD5:2DE8AA152F1A278709C6E038966AE283
                                                                                                                                                                                                                        SHA1:6F4C863CC2271413575D8393E5D69E67B18DAECC
                                                                                                                                                                                                                        SHA-256:B63CD55045B77AB9D532C303542AE0BB67C2BE19360A03B7C5CEA7028C203439
                                                                                                                                                                                                                        SHA-512:89C2B4D07155E034907924DE7A67246309D7192CE1C9ED16B1DA670E329EDEF0795D1FCD07A81411F18352245595D18837A945137CA1DBA3FD9072C188483BA9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1014), with CRLF, CR, LF line terminators, with overstriking
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1215
                                                                                                                                                                                                                        Entropy (8bit):3.511303508221948
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:zKcND5QDdXXXXXXXXXXXXXXXXXXXeDYJQn:zKaDK5XXXXXXXXXXXXXXXXXXXe9
                                                                                                                                                                                                                        MD5:F710BD181859C3BEA6DC9FA882A0581B
                                                                                                                                                                                                                        SHA1:7A8592DE63744E390FA43D05C96B43111830B29D
                                                                                                                                                                                                                        SHA-256:18B97DC6E2A9B353374CA281EA9E60C213F740E9E935EBF7758280DB62895273
                                                                                                                                                                                                                        SHA-512:C9D4A47CD4E6D6C4FA93D3E55F7869F7D8B300E4BC5E89862ADF460473A18033BC1199EBE2C2459E6CA1326CF73097A254EB5F0F5ED01E8F310EF002282A4203
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:Microsoft (R) File Expansion Utility..Copyright (c) Microsoft Corporation. All rights reserved.....Adding files\anterra.exe to Extraction Queue....Expanding Files ......Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files.........................
                                                                                                                                                                                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Google Chrome 131.0.6778.71, Subject: Google Chrome, Author: Google LLC, Keywords: Installer, Template: Intel;1033, Revision Number: {06E54237-1D3F-447A-902F-6205E6A68006}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                                                                                                                                        Entropy (8bit):5.605104857181301
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                                                                                        File name:2Wr5r2e9vo.msi
                                                                                                                                                                                                                        File size:1'908'736 bytes
                                                                                                                                                                                                                        MD5:8ef787b0f11fcb0d5d9fe3b209bb5526
                                                                                                                                                                                                                        SHA1:e5f31bfe6f080679807333760f18281abfd17adc
                                                                                                                                                                                                                        SHA256:d66bdcb1c0a4f2e5452c852e24e001d153a9c9de1d7a692cb5f1ede5e056f1fa
                                                                                                                                                                                                                        SHA512:e492f1c086caef83ef92fd8ad8dc569a6ebe8a1d18499845b7ce2cb2dddaed30bb193ee5f7fe581b67e838fee81a8e689cd377e0053b201b2590faff796d00a0
                                                                                                                                                                                                                        SSDEEP:24576:Mt9cpVDhSsbTnopGR274VCg0MOg44CGgRynfWMSrcJ:rpRhSppGR0ACg0MOWCwnuMacJ
                                                                                                                                                                                                                        TLSH:F29545D13785C127E9470C314E97C399A72AFCE5AA30B08B77A0B71E5B399D36E25312
                                                                                                                                                                                                                        Icon Hash:2d2e3797b32b2b99
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Nov 25, 2024 07:42:44.411829948 CET  49797        443        192.168.2.6    31.192.232.92
Nov 25, 2024 07:42:44.411861897 CET  443          49797      31.192.232.92  192.168.2.6
Nov 25, 2024 07:42:44.411928892 CET  49797        443        192.168.2.6    31.192.232.92
Nov 25, 2024 07:42:44.412733078 CET  49797        443        192.168.2.6    31.192.232.92
Nov 25, 2024 07:42:44.412748098 CET  443          49797      31.192.232.92  192.168.2.6
Nov 25, 2024 07:42:44.412789106 CET  443          49797      31.192.232.92  192.168.2.6
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
                                                                                                                                                                                                                        Nov 25, 2024 07:42:52.076585054 CET5899653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:52.314260006 CET53589961.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:52.315563917 CET5716253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:52.628350019 CET53571621.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:52.629292965 CET5159953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:52.860569000 CET53515991.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:52.861469030 CET5639753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:53.101443052 CET53563971.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:53.102334976 CET5592553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:53.328497887 CET53559251.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:53.329421997 CET5446153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:53.637305975 CET53544611.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:53.638227940 CET4915353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:53.892999887 CET53491531.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:53.893789053 CET5252053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:54.213109970 CET53525201.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:54.214035034 CET5653353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:54.833137989 CET53565331.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:54.834059000 CET6009753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:55.152791977 CET53600971.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:55.153644085 CET5402853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:55.402666092 CET53540281.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:55.403769016 CET6266253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:55.640198946 CET53626621.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:55.641443014 CET5835053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:55.879942894 CET53583501.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:55.880984068 CET4999553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:56.130148888 CET53499951.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:56.131288052 CET5063553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:56.359009027 CET53506351.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:56.360151052 CET5323353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:56.582168102 CET53532331.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:56.583225012 CET6137653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:56.812673092 CET53613761.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:56.813731909 CET6309253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:57.048571110 CET53630921.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:57.049815893 CET5704653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:57.368793964 CET53570461.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:57.369887114 CET6473853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:57.681859970 CET53647381.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:57.683021069 CET5845253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:57.923152924 CET53584521.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:57.924798012 CET6168053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:58.160433054 CET53616801.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:58.161421061 CET6240453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:58.387115955 CET53624041.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:58.388288021 CET5590353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:58.700515985 CET53559031.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:58.701956987 CET6312153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:58.938034058 CET53631211.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:58.939502954 CET5716453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.176297903 CET53571641.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.177403927 CET6036953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.402385950 CET53603691.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.403347015 CET5883553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.638278961 CET53588351.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.639667988 CET5953953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.952807903 CET53595391.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.028580904 CET5115853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.263302088 CET53511581.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.294835091 CET6010253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.525245905 CET53601021.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.549355030 CET5340753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.807523012 CET53534071.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.808516979 CET5970953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.048680067 CET53597091.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.050117016 CET5652553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.295047045 CET53565251.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.295974970 CET5212053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.537347078 CET53521201.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.538409948 CET6180953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.856120110 CET53618091.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.860862017 CET6178953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.173403978 CET53617891.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.177170038 CET5690853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.414078951 CET53569081.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.415323019 CET5139153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.651428938 CET53513911.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.652218103 CET5926553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.900804043 CET53592651.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.902115107 CET6172253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.216351986 CET53617221.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.219548941 CET5552253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.472306967 CET53555221.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.507993937 CET5438153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.760411978 CET53543811.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.800121069 CET6364553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.115869999 CET53636451.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.116976023 CET5916853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.345221043 CET53591681.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.346290112 CET5809653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.570444107 CET53580961.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.571490049 CET5639753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.815239906 CET53563971.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.816287041 CET5075353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.062884092 CET53507531.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.064374924 CET6000353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.373590946 CET53600031.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.374727011 CET5760053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.620500088 CET53576001.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:23.857249975 CET5853753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.166810989 CET53585371.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.168231964 CET5676153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.413969994 CET53567611.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.415196896 CET5507253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.658035994 CET53550721.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.663361073 CET6116353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.901818037 CET53611631.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.915460110 CET5927153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.151554108 CET53592711.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.246970892 CET6268453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.559406996 CET53626841.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.568589926 CET5178253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.813433886 CET53517821.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.814660072 CET5479553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.043581963 CET53547951.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.044840097 CET5063053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.358818054 CET53506301.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.360003948 CET5385753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.597244024 CET53538571.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.598427057 CET5482353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.823875904 CET53548231.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.825088024 CET5599153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.057318926 CET53559911.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.058423042 CET5715053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.301233053 CET53571501.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.302445889 CET6123553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.535701036 CET53612351.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.536880016 CET5605953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.849803925 CET53560591.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.851097107 CET5622653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.107491016 CET53562261.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.130888939 CET6387653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.364573002 CET53638761.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.417211056 CET5831553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.729388952 CET53583151.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.768594980 CET5021853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:29.008758068 CET53502181.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:29.009864092 CET5006053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:29.318506002 CET53500601.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:29.320116043 CET6288053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:29.630239010 CET53628801.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:29.631831884 CET5405353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:29.944799900 CET53540531.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:29.949266911 CET5767053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:30.200145006 CET53576701.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:30.201216936 CET5306953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:30.436234951 CET53530691.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:30.437370062 CET5936953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:30.660789013 CET53593691.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:30.661936998 CET6360353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:30.901300907 CET53636031.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:30.907953024 CET6282053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:31.147852898 CET53628201.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:31.158586025 CET5260953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:31.385229111 CET53526091.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:31.399908066 CET6013253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:31.636288881 CET53601321.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:31.645375967 CET6530153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:31.873076916 CET53653011.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:31.905848026 CET6093453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:32.144113064 CET53609341.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:32.145226955 CET5130053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:32.377203941 CET53513001.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:32.378634930 CET5582653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:32.688980103 CET53558261.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:32.691608906 CET5336653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:32.924922943 CET53533661.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:32.926363945 CET4961453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:33.156320095 CET53496141.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:33.164741993 CET6493953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:33.394998074 CET53649391.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:33.396120071 CET5060053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:33.709239006 CET53506001.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:33.710397005 CET6476153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:33.949033022 CET53647611.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:33.950059891 CET6545553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:34.265642881 CET53654551.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:34.318192005 CET6011153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:34.549222946 CET53601111.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:34.558356047 CET5576753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:34.872266054 CET53557671.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:34.965249062 CET5576753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:35.063849926 CET5536853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:35.102586985 CET53557671.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:35.301449060 CET53553681.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:35.302622080 CET5808153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:35.527666092 CET53580811.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:35.528698921 CET6243053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:35.837469101 CET53624301.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:35.838460922 CET6337753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:36.083643913 CET53633771.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:36.086256027 CET6115253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:36.318451881 CET53611521.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:36.319363117 CET5327253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:36.552597046 CET53532721.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:36.553515911 CET5707153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:36.923939943 CET5707153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:37.045686007 CET53570711.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:37.046767950 CET4925553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.188436985 CET4993953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.436925888 CET53499391.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.437866926 CET6493353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.667213917 CET53649331.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.668432951 CET5018853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.909279108 CET53501881.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.910494089 CET6247653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.159779072 CET53624761.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.225720882 CET6534353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.551537037 CET53653431.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.600123882 CET5663053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.909738064 CET53566301.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.910928965 CET5264153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.146229982 CET53526411.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.147093058 CET5683353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.457927942 CET53568331.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.458784103 CET6305453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.698515892 CET53630541.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.699390888 CET5344453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.007752895 CET53534441.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.008605003 CET5853253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.241225958 CET53585321.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.245102882 CET6095353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.470284939 CET53609531.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.471926928 CET5021853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.714262962 CET53502181.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.715126038 CET5642153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.027463913 CET53564211.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.028471947 CET5341253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.269046068 CET53534121.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.340850115 CET5983153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.586529016 CET53598311.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.671828032 CET6132953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.980000019 CET53613291.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.981062889 CET5797953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.203002930 CET53579791.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.203973055 CET5803353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.438256025 CET53580331.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.439290047 CET6017253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.670105934 CET53601721.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.671089888 CET5107053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.903414965 CET53510701.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.904417038 CET6486953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.216659069 CET53648691.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.217678070 CET5754153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.470738888 CET53575411.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.471667051 CET5371753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.781317949 CET53537171.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.782411098 CET5887753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.026487112 CET53588771.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.028171062 CET5560653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.269742966 CET53556061.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.296113014 CET5534653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.541486979 CET53553461.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.547884941 CET6157353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.786108017 CET53615731.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.908490896 CET6157353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.985766888 CET5699553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.048063993 CET53615731.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.249149084 CET53569951.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.250134945 CET5100453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.480557919 CET53510041.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.481414080 CET5885553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.733845949 CET53588551.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.734766006 CET5147453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.974003077 CET53514741.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.974865913 CET5889553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.211910009 CET53588951.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.213344097 CET6474053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.455249071 CET53647401.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.456264973 CET6324153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.698102951 CET53632411.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.699150085 CET6274753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.946463108 CET53627471.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.947475910 CET6167453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.188389063 CET53616741.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.189583063 CET5048453192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.435045958 CET53504841.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.447952032 CET6522353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.675648928 CET53652231.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.677423954 CET5650253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.899713039 CET53565021.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.010627031 CET5391653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.246804953 CET53539161.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.247859001 CET5684853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.555862904 CET53568481.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.556890965 CET6418853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.790980101 CET53641881.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.792088032 CET6537653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.016784906 CET53653761.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.018018007 CET5762053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.333933115 CET53576201.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.340368032 CET4978753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.654351950 CET53497871.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.655307055 CET6507253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.874938965 CET53650721.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.875865936 CET4920253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.197145939 CET53492021.1.1.1192.168.2.6
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.198827028 CET5965553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.433290958 CET53596551.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.177403927 CET192.168.2.61.1.1.10x5aa2Standard query (0)gakowseyscmeqkya.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.403347015 CET192.168.2.61.1.1.10xb66cStandard query (0)quisoakcuqsygyyc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:42:59.639667988 CET192.168.2.61.1.1.10x7718Standard query (0)auuisqaykqgeesae.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.028580904 CET192.168.2.61.1.1.10x8dfbStandard query (0)iyawyckqggkwsyoq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.294835091 CET192.168.2.61.1.1.10x8099Standard query (0)ecmyomcaicqysoqw.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.549355030 CET192.168.2.61.1.1.10x61b0Standard query (0)iqcqqquiwomgsmma.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:00.808516979 CET192.168.2.61.1.1.10x522eStandard query (0)ssegwgieumyoasym.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.050117016 CET192.168.2.61.1.1.10x7786Standard query (0)ceeomiecgymecgau.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.295974970 CET192.168.2.61.1.1.10xa807Standard query (0)myisokqwsmqeusuy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.538409948 CET192.168.2.61.1.1.10xb2c0Standard query (0)ywkamsiogkycyosy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:01.860862017 CET192.168.2.61.1.1.10xb985Standard query (0)ggkyecqguqkkuoso.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.177170038 CET192.168.2.61.1.1.10xd9a4Standard query (0)kcyoeiykekuqkkmg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.415323019 CET192.168.2.61.1.1.10x3debStandard query (0)ikwyuqgsegcgcccg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.652218103 CET192.168.2.61.1.1.10xd6b4Standard query (0)wgswkwaesqqwkoaa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:02.902115107 CET192.168.2.61.1.1.10xae12Standard query (0)eqkkkcuwkiqiecac.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.219548941 CET192.168.2.61.1.1.10xf36bStandard query (0)kigcewceemkckeow.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.507993937 CET192.168.2.61.1.1.10x54bcStandard query (0)ykaimcgigakggwec.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:03.800121069 CET192.168.2.61.1.1.10x13a8Standard query (0)uceaygkekiassamu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.116976023 CET192.168.2.61.1.1.10xdc61Standard query (0)seioywksogeseqig.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.346290112 CET192.168.2.61.1.1.10x2252Standard query (0)ssoqscyewimqiqme.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.571490049 CET192.168.2.61.1.1.10x8bf5Standard query (0)kocgeaeoakgqewog.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:04.816287041 CET192.168.2.61.1.1.10x15faStandard query (0)kuiqsugkqeoscguo.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.064374924 CET192.168.2.61.1.1.10xe3aeStandard query (0)kcsqwmkusesaccwa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.374727011 CET192.168.2.61.1.1.10xd791Standard query (0)ywyawywiuyecuiuu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.621646881 CET192.168.2.61.1.1.10xf5b5Standard query (0)uowowiqiyeiuwmcc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:05.846971989 CET192.168.2.61.1.1.10x3f27Standard query (0)uokqeaieowiogsgc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:06.073775053 CET192.168.2.61.1.1.10xbf61Standard query (0)ikoqkscwsowwukmi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:06.329042912 CET192.168.2.61.1.1.10x5712Standard query (0)iymukyseoieqccac.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:06.572308064 CET192.168.2.61.1.1.10x5b28Standard query (0)qascmswkaisogoaq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:06.882637024 CET192.168.2.61.1.1.10x5710Standard query (0)gacgceaygaecuguy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:07.123203039 CET192.168.2.61.1.1.10xfa8bStandard query (0)eqyyguuwsyqaqgsq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:07.360481977 CET192.168.2.61.1.1.10x1600Standard query (0)ewywcoeukaoaegci.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:07.598690033 CET192.168.2.61.1.1.10x3cbdStandard query (0)mmygsewuukqkiiok.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:07.839215994 CET192.168.2.61.1.1.10xa25fStandard query (0)wgyimykogekgewoa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:08.082452059 CET192.168.2.61.1.1.10xeb69Standard query (0)uiguoqqagkiuagyc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:08.330746889 CET192.168.2.61.1.1.10xe12fStandard query (0)kcesagqugouwkqyg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:08.580909014 CET192.168.2.61.1.1.10x94c9Standard query (0)yqeugeoquqsokgqk.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:08.810751915 CET192.168.2.61.1.1.10xce73Standard query (0)eigkgwkyuqssgamw.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:09.036112070 CET192.168.2.61.1.1.10xd9e1Standard query (0)waqmyueimmyiuawq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:09.348423958 CET192.168.2.61.1.1.10x985aStandard query (0)qgukewuuykmmkgeq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:09.597450018 CET192.168.2.61.1.1.10x9757Standard query (0)gmwcscokucowyogs.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:09.828943968 CET192.168.2.61.1.1.10xfe28Standard query (0)ywegqamoegumacgi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:10.083009958 CET192.168.2.61.1.1.10x3a9cStandard query (0)yquocucuqoywwcsu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:10.394516945 CET192.168.2.61.1.1.10xc079Standard query (0)eqmeimmouegoasay.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:10.706979990 CET192.168.2.61.1.1.10x10aStandard query (0)cykgmsqcgysgaioo.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:10.948496103 CET192.168.2.61.1.1.10xf254Standard query (0)oqoemaogyoikomiy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:11.188294888 CET192.168.2.61.1.1.10x22e9Standard query (0)qoiiomimuoaqgeku.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:11.426316977 CET192.168.2.61.1.1.10x3abbStandard query (0)wgymkeismmiemsqq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:11.674643040 CET192.168.2.61.1.1.10x8669Standard query (0)ykocagogmeiwmymy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:11.918459892 CET192.168.2.61.1.1.10xb0deStandard query (0)csoqiicgaaiyyoom.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:12.151550055 CET192.168.2.61.1.1.10x6438Standard query (0)koioiiwouukqousy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:12.441626072 CET192.168.2.61.1.1.10x3e18Standard query (0)okkyekwuommcicqi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:12.947151899 CET192.168.2.61.1.1.10x229bStandard query (0)ecacmycegqoaquio.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:13.182254076 CET192.168.2.61.1.1.10xd5a8Standard query (0)skgcsksqyekiymii.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:13.419017076 CET192.168.2.61.1.1.10xb3bcStandard query (0)kckcekceqgcyqcsa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:13.648360968 CET192.168.2.61.1.1.10xe054Standard query (0)uoaeyoycyycqkoci.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:13.875338078 CET192.168.2.61.1.1.10x4213Standard query (0)wsaekoiomeagsaes.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:14.117770910 CET192.168.2.61.1.1.10x6a53Standard query (0)iqmeccigieosgmwq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:14.433605909 CET192.168.2.61.1.1.10x4bcbStandard query (0)ggeqowwmmmeekigg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:14.674534082 CET192.168.2.61.1.1.10xbd89Standard query (0)sssawsmmkmuyqsaq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:14.925183058 CET192.168.2.61.1.1.10x997bStandard query (0)ecmckkeyoskcigeu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:15.235819101 CET192.168.2.61.1.1.10xe747Standard query (0)quoqoooiamqkkosc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:15.461658001 CET192.168.2.61.1.1.10xd5Standard query (0)waokmuyyeooamowm.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:15.771589041 CET192.168.2.61.1.1.10x2809Standard query (0)ykomskascimimomo.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:16.138097048 CET192.168.2.61.1.1.10x4dbaStandard query (0)mmisquwegymayaee.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:16.454595089 CET192.168.2.61.1.1.10xe18bStandard query (0)mmyukmsqamgicqai.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:16.694472075 CET192.168.2.61.1.1.10x5f90Standard query (0)ikwyooieywakeqog.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:17.007237911 CET192.168.2.61.1.1.10xdcbcStandard query (0)mgwmkyyqckeewgce.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:17.240540028 CET192.168.2.61.1.1.10x2e8fStandard query (0)owoksuegymmgesys.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:17.552164078 CET192.168.2.61.1.1.10xdd03Standard query (0)aamuskacaaiycguu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:17.865415096 CET192.168.2.61.1.1.10x601bStandard query (0)yegskieoocgoamyi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:18.099334002 CET192.168.2.61.1.1.10xebeStandard query (0)aaiouwywwcwuuasm.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:18.336313009 CET192.168.2.61.1.1.10x2d37Standard query (0)kuoqgwooymgsqaum.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:19.124227047 CET192.168.2.61.1.1.10x95afStandard query (0)myoyccuwcyaygceg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:19.353621960 CET192.168.2.61.1.1.10x87cbStandard query (0)ggqgwuaseamkyywa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:19.664093971 CET192.168.2.61.1.1.10xb176Standard query (0)uwimwwicgcscuoku.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:19.910269976 CET192.168.2.61.1.1.10x44afStandard query (0)cyyukyomsoiqyyqa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:20.225688934 CET192.168.2.61.1.1.10x8769Standard query (0)gaisoawuoicqsumy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:20.463166952 CET192.168.2.61.1.1.10x5603Standard query (0)qogsmcecyusiyaim.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:20.691302061 CET192.168.2.61.1.1.10xeec2Standard query (0)ykqocceawkwoagmc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:20.923909903 CET192.168.2.61.1.1.10xe2f5Standard query (0)aosywgkogcissggi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:21.240528107 CET192.168.2.61.1.1.10x638fStandard query (0)ieywwkeuouoqgqms.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:49.750076056 CET192.168.2.61.1.1.10x8cf3Standard query (0)ukmcqucewskcqygg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:49.991121054 CET192.168.2.61.1.1.10xb26aStandard query (0)qqqmeagkkosgcayo.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:50.220936060 CET192.168.2.61.1.1.10x3c63Standard query (0)ysawassgkwqygmmq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:50.532038927 CET192.168.2.61.1.1.10xc208Standard query (0)osaeyoiqoqawauga.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:50.771375895 CET192.168.2.61.1.1.10xb326Standard query (0)iagisciiyoemgwaa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:51.015032053 CET192.168.2.61.1.1.10xa53dStandard query (0)ymysimqoykwqeqiq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:51.244959116 CET192.168.2.61.1.1.10xbbb3Standard query (0)ymmcwogyimsuqmcc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:51.489162922 CET192.168.2.61.1.1.10x5b67Standard query (0)osmoygyawqmmimkq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:51.735234022 CET192.168.2.61.1.1.10xae62Standard query (0)immyecuqwkiyscys.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:52.116364002 CET192.168.2.61.1.1.10xae62Standard query (0)immyecuqwkiyscys.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:52.126744032 CET192.168.2.61.1.1.10xe829Standard query (0)omsqkuiwcwoegooq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:52.458657980 CET192.168.2.61.1.1.10xfe63Standard query (0)ukaiiiyqoooycyqm.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:52.678318024 CET192.168.2.61.1.1.10x4405Standard query (0)isemauqkwwiumyky.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:52.930201054 CET192.168.2.61.1.1.10xbd8cStandard query (0)keguuyioweymiaws.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:53.239197969 CET192.168.2.61.1.1.10x1b75Standard query (0)kwaywmaequkqccai.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:53.466754913 CET192.168.2.61.1.1.10xda5aStandard query (0)yyimcoiwgckeakcm.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:53.696007967 CET192.168.2.61.1.1.10x3f68Standard query (0)ekcwemuekgqsimae.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:53.938606024 CET192.168.2.61.1.1.10xa591Standard query (0)imigkomgmqgmakqk.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.188436985 CET192.168.2.61.1.1.10x58aeStandard query (0)omasqkwqyskcagwi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.437866926 CET192.168.2.61.1.1.10xfaa7Standard query (0)awyomscgweuqmgaw.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.668432951 CET192.168.2.61.1.1.10x74d5Standard query (0)eyoyssauceguqwmk.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:54.910494089 CET192.168.2.61.1.1.10x3eefStandard query (0)gwwcqeykmseicgaw.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.225720882 CET192.168.2.61.1.1.10x69efStandard query (0)qwywqgsmgaoiwsga.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.600123882 CET192.168.2.61.1.1.10x64d0Standard query (0)ososwckwcqmmwqcy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:55.910928965 CET192.168.2.61.1.1.10x4a41Standard query (0)osaymwoggqqycmse.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.147093058 CET192.168.2.61.1.1.10xdea3Standard query (0)oyewqwkusieeoqey.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.458784103 CET192.168.2.61.1.1.10x7e29Standard query (0)ommwaqgaemsmcqwc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.699390888 CET192.168.2.61.1.1.10x2522Standard query (0)cauewwukyywyqiei.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.008605003 CET192.168.2.61.1.1.10xc086Standard query (0)goeykqccmemkswom.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.245102882 CET192.168.2.61.1.1.10xbf81Standard query (0)aksuakswwkiimamq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.471926928 CET192.168.2.61.1.1.10x925aStandard query (0)isaeicumkcuwqmqq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.715126038 CET192.168.2.61.1.1.10xc0f6Standard query (0)qiswokuokugiooky.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.028471947 CET192.168.2.61.1.1.10x1ccfStandard query (0)qiswcssocuqsaqkq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.340850115 CET192.168.2.61.1.1.10xbd45Standard query (0)qcyksokwumicscaa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.671828032 CET192.168.2.61.1.1.10x1decStandard query (0)esiaisyasoaoqwki.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.981062889 CET192.168.2.61.1.1.10x154eStandard query (0)giqukkwwcwgqcisg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.203973055 CET192.168.2.61.1.1.10x8034Standard query (0)ymqaaskiwomkucuy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.439290047 CET192.168.2.61.1.1.10xf38eStandard query (0)akueuaicusaoieiy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.671089888 CET192.168.2.61.1.1.10xd2acStandard query (0)sauygqecsusickcu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.904417038 CET192.168.2.61.1.1.10x9e39Standard query (0)kkwkgmcoawgaoiwg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.217678070 CET192.168.2.61.1.1.10x575fStandard query (0)saumycuogqsqykes.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.471667051 CET192.168.2.61.1.1.10x8832Standard query (0)ukyokaigmmkumgoa.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.782411098 CET192.168.2.61.1.1.10x8328Standard query (0)eswweuycwwiiykwo.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.028171062 CET192.168.2.61.1.1.10x54acStandard query (0)uksgyqiqaaiaiesi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.296113014 CET192.168.2.61.1.1.10xd9Standard query (0)smckcsaioceiyasu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.547884941 CET192.168.2.61.1.1.10x6389Standard query (0)esimsqgcwwwmyoqc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.908490896 CET192.168.2.61.1.1.10x6389Standard query (0)esimsqgcwwwmyoqc.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.985766888 CET192.168.2.61.1.1.10x521fStandard query (0)maiyuocqqiqiiskw.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.250134945 CET192.168.2.61.1.1.10x558Standard query (0)smaaowemwiwggocu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.481414080 CET192.168.2.61.1.1.10x16edStandard query (0)kwuuwgemogmuomwq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.734766006 CET192.168.2.61.1.1.10x668dStandard query (0)ukicsmiwggcwksam.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.974865913 CET192.168.2.61.1.1.10x45d3Standard query (0)gwamoggwyegsseao.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.213344097 CET192.168.2.61.1.1.10x8d9aStandard query (0)immcqsiceooqyaay.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.456264973 CET192.168.2.61.1.1.10x5d02Standard query (0)kkcqgowgkcoyokcu.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.699150085 CET192.168.2.61.1.1.10x2c7aStandard query (0)kecgikusmakuksma.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.947475910 CET192.168.2.61.1.1.10x9013Standard query (0)ymuiggyusggsymoi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.189583063 CET192.168.2.61.1.1.10x6099Standard query (0)uecouukwkuceyuwg.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.447952032 CET192.168.2.61.1.1.10x5db7Standard query (0)eyoaceoookqskqmy.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.677423954 CET192.168.2.61.1.1.10x92c5Standard query (0)awwomgcseeqwkkom.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.010627031 CET192.168.2.61.1.1.10xfb46Standard query (0)keykoekseemyiewq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.247859001 CET192.168.2.61.1.1.10x3e4fStandard query (0)ysiwwoeeaaskykaw.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.556890965 CET192.168.2.61.1.1.10xc1f2Standard query (0)kwmcuwccqmuecgea.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.792088032 CET192.168.2.61.1.1.10x7aa3Standard query (0)gwyooeiscmwguqms.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.018018007 CET192.168.2.61.1.1.10x332aStandard query (0)wuokiysmiucoucak.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.340368032 CET192.168.2.61.1.1.10x2843Standard query (0)wuuiumemmigyyauq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.655307055 CET192.168.2.61.1.1.10x6cf2Standard query (0)acwomuuukiomgqkm.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.875865936 CET192.168.2.61.1.1.10xc457Standard query (0)muwqwgaaymomgwmi.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.198827028 CET192.168.2.61.1.1.10x7b38Standard query (0)omgcoecwsqiuqyug.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.459960938 CET192.168.2.61.1.1.10xdf36Standard query (0)kqmsgskwgemyueya.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.715811014 CET192.168.2.61.1.1.10x62ccStandard query (0)eyiyueewuaqmmwcm.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.964306116 CET192.168.2.61.1.1.10x9775Standard query (0)gwoyamckoqoaauoq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:08.335654974 CET192.168.2.61.1.1.10x9775Standard query (0)gwoyamckoqoaauoq.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:08.351620913 CET192.168.2.61.1.1.10x3c5aStandard query (0)qwqsoyoqkymakowm.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:08.591502905 CET192.168.2.61.1.1.10x94b8Standard query (0)gcmiymmqgwuquokm.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:08.842700958 CET192.168.2.61.1.1.10xedf0Standard query (0)ymseciekayuweoww.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:09.090524912 CET192.168.2.61.1.1.10x12c9Standard query (0)oyocwswugeiqqyoo.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:09.341471910 CET192.168.2.61.1.1.10x1e44Standard query (0)omgooecquoweeomo.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:09.584546089 CET192.168.2.61.1.1.10x743dStandard query (0)imgeoyougkmmeuec.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:09.825234890 CET192.168.2.61.1.1.10x78b3Standard query (0)smoswyoekkccyuga.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:10.063687086 CET192.168.2.61.1.1.10xffb2Standard query (0)suwkomiqcykeyako.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:10.381644011 CET192.168.2.61.1.1.10x3108Standard query (0)smwsugycuuckemue.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:10.633656025 CET192.168.2.61.1.1.10x9b26Standard query (0)qigcqiaomwieqwka.xyzA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                        Nov 25, 2024 07:43:06.881623983 CET1.1.1.1192.168.2.60x5b28Name error (3)qascmswkaisogoaq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:07.122221947 CET1.1.1.1192.168.2.60x5710Name error (3)gacgceaygaecuguy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:07.359385014 CET1.1.1.1192.168.2.60xfa8bName error (3)eqyyguuwsyqaqgsq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:07.597616911 CET1.1.1.1192.168.2.60x1600Name error (3)ewywcoeukaoaegci.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:07.838146925 CET1.1.1.1192.168.2.60x3cbdName error (3)mmygsewuukqkiiok.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:08.081338882 CET1.1.1.1192.168.2.60xa25fName error (3)wgyimykogekgewoa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:08.329633951 CET1.1.1.1192.168.2.60xeb69Name error (3)uiguoqqagkiuagyc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:08.575721025 CET1.1.1.1192.168.2.60xe12fName error (3)kcesagqugouwkqyg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:08.809726000 CET1.1.1.1192.168.2.60x94c9Name error (3)yqeugeoquqsokgqk.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:09.035053968 CET1.1.1.1192.168.2.60xce73Name error (3)eigkgwkyuqssgamw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:09.347517014 CET1.1.1.1192.168.2.60xd9e1Name error (3)waqmyueimmyiuawq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:09.596386909 CET1.1.1.1192.168.2.60x985aName error (3)qgukewuuykmmkgeq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:09.827820063 CET1.1.1.1192.168.2.60x9757Name error (3)gmwcscokucowyogs.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:10.081800938 CET1.1.1.1192.168.2.60xfe28Name error (3)ywegqamoegumacgi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:10.393402100 CET1.1.1.1192.168.2.60x3a9cName error (3)yquocucuqoywwcsu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:10.705668926 CET1.1.1.1192.168.2.60xc079Name error (3)eqmeimmouegoasay.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:10.947154999 CET1.1.1.1192.168.2.60x10aName error (3)cykgmsqcgysgaioo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:11.187079906 CET1.1.1.1192.168.2.60xf254Name error (3)oqoemaogyoikomiy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:11.425141096 CET1.1.1.1192.168.2.60x22e9Name error (3)qoiiomimuoaqgeku.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:11.665942907 CET1.1.1.1192.168.2.60x3abbName error (3)wgymkeismmiemsqq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:11.917234898 CET1.1.1.1192.168.2.60x8669Name error (3)ykocagogmeiwmymy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:12.149837017 CET1.1.1.1192.168.2.60xb0deName error (3)csoqiicgaaiyyoom.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:12.391664982 CET1.1.1.1192.168.2.60x6438Name error (3)koioiiwouukqousy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:12.894018888 CET1.1.1.1192.168.2.60x3e18Name error (3)okkyekwuommcicqi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:13.181128025 CET1.1.1.1192.168.2.60x229bName error (3)ecacmycegqoaquio.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:13.417880058 CET1.1.1.1192.168.2.60xd5a8Name error (3)skgcsksqyekiymii.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:13.647361040 CET1.1.1.1192.168.2.60xb3bcName error (3)kckcekceqgcyqcsa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:13.874398947 CET1.1.1.1192.168.2.60xe054Name error (3)uoaeyoycyycqkoci.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:14.116621017 CET1.1.1.1192.168.2.60x4213Name error (3)wsaekoiomeagsaes.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:14.431859970 CET1.1.1.1192.168.2.60x6a53Name error (3)iqmeccigieosgmwq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:14.673240900 CET1.1.1.1192.168.2.60x4bcbName error (3)ggeqowwmmmeekigg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:14.923985958 CET1.1.1.1192.168.2.60xbd89Name error (3)sssawsmmkmuyqsaq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:15.234641075 CET1.1.1.1192.168.2.60x997bName error (3)ecmckkeyoskcigeu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:15.460077047 CET1.1.1.1192.168.2.60xe747Name error (3)quoqoooiamqkkosc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:15.706433058 CET1.1.1.1192.168.2.60xd5Name error (3)waokmuyyeooamowm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:15.998867989 CET1.1.1.1192.168.2.60x2809Name error (3)ykomskascimimomo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:16.453465939 CET1.1.1.1192.168.2.60x4dbaName error (3)mmisquwegymayaee.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:16.693351030 CET1.1.1.1192.168.2.60xe18bName error (3)mmyukmsqamgicqai.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:17.006175041 CET1.1.1.1192.168.2.60x5f90Name error (3)ikwyooieywakeqog.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:17.239398956 CET1.1.1.1192.168.2.60xdcbcName error (3)mgwmkyyqckeewgce.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:17.551119089 CET1.1.1.1192.168.2.60x2e8fName error (3)owoksuegymmgesys.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:17.864094019 CET1.1.1.1192.168.2.60xdd03Name error (3)aamuskacaaiycguu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:18.098277092 CET1.1.1.1192.168.2.60x601bName error (3)yegskieoocgoamyi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:18.335284948 CET1.1.1.1192.168.2.60xebeName error (3)aaiouwywwcwuuasm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:19.057938099 CET1.1.1.1192.168.2.60x2d37Name error (3)kuoqgwooymgsqaum.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:19.352587938 CET1.1.1.1192.168.2.60x95afName error (3)myoyccuwcyaygceg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:19.663105965 CET1.1.1.1192.168.2.60x87cbName error (3)ggqgwuaseamkyywa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:19.909269094 CET1.1.1.1192.168.2.60xb176Name error (3)uwimwwicgcscuoku.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:20.224685907 CET1.1.1.1192.168.2.60x44afName error (3)cyyukyomsoiqyyqa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:20.462007999 CET1.1.1.1192.168.2.60x8769Name error (3)gaisoawuoicqsumy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:20.690298080 CET1.1.1.1192.168.2.60x5603Name error (3)qogsmcecyusiyaim.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:20.922532082 CET1.1.1.1192.168.2.60xeec2Name error (3)ykqocceawkwoagmc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:21.239236116 CET1.1.1.1192.168.2.60xe2f5Name error (3)aosywgkogcissggi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:21.484021902 CET1.1.1.1192.168.2.60x638fName error (3)ieywwkeuouoqgqms.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:21.716784000 CET1.1.1.1192.168.2.60x5cf8Name error (3)ecgkeyeueawgcuqo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:22.007155895 CET1.1.1.1192.168.2.60xc8ecName error (3)guimuaoiecmouigq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:22.380822897 CET1.1.1.1192.168.2.60x5e64Name error (3)ggkyuooyikmqoscw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:22.750464916 CET1.1.1.1192.168.2.60x8030Name error (3)uoeeuiaewmogugeo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:22.988456964 CET1.1.1.1192.168.2.60x4781Name error (3)okgeqaswygsgykme.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:23.231245995 CET1.1.1.1192.168.2.60x6f74Name error (3)ywqiciegywcouoiy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:23.546083927 CET1.1.1.1192.168.2.60x82f0Name error (3)qgkgogieieoomkqq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:23.856034994 CET1.1.1.1192.168.2.60xd3a1Name error (3)qgkmsekougssaawq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.166810989 CET1.1.1.1192.168.2.60x227Name error (3)ggmwwewskeiggosq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.413969994 CET1.1.1.1192.168.2.60x2aabName error (3)eqgwaamacqweiwie.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.658035994 CET1.1.1.1192.168.2.60xde5aName error (3)wmqcgwcegsomeqas.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:24.901818037 CET1.1.1.1192.168.2.60xbd75Name error (3)oqummowmqwcgsegm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.151554108 CET1.1.1.1192.168.2.60x78adName error (3)qoowyoueaaaccgqs.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.559406996 CET1.1.1.1192.168.2.60xa43Name error (3)csiykwakekqoqaym.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:25.813433886 CET1.1.1.1192.168.2.60xc67eName error (3)mmymmauyiiksiugu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.043581963 CET1.1.1.1192.168.2.60xb983Name error (3)cseksqccmgaieyic.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.358818054 CET1.1.1.1192.168.2.60xbc8Name error (3)cykgucwkesokooyw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.597244024 CET1.1.1.1192.168.2.60x807aName error (3)okoguckagygoqqgk.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:26.823875904 CET1.1.1.1192.168.2.60x74a8Name error (3)cyswykkcmggyiqwo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.057318926 CET1.1.1.1192.168.2.60xfff7Name error (3)gmmacaiigwcscggs.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.301233053 CET1.1.1.1192.168.2.60x304Name error (3)yequgaccqouegcmw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.535701036 CET1.1.1.1192.168.2.60x6cbcName error (3)sksiyqgummyycgmi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:27.849803925 CET1.1.1.1192.168.2.60xb78dName error (3)skekiggeimmceqcg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.107491016 CET1.1.1.1192.168.2.60x69a1Name error (3)eiqqequeskcqiqmw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.364573002 CET1.1.1.1192.168.2.60xf1d4Name error (3)ecsamoyaimquqwow.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:28.729388952 CET1.1.1.1192.168.2.60x5765Name error (3)aiyksmkyqgyaemiw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.146229982 CET1.1.1.1192.168.2.60x4a41Name error (3)osaymwoggqqycmse.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.457927942 CET1.1.1.1192.168.2.60xdea3Name error (3)oyewqwkusieeoqey.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:56.698515892 CET1.1.1.1192.168.2.60x7e29Name error (3)ommwaqgaemsmcqwc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.007752895 CET1.1.1.1192.168.2.60x2522Name error (3)cauewwukyywyqiei.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.241225958 CET1.1.1.1192.168.2.60xc086Name error (3)goeykqccmemkswom.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.470284939 CET1.1.1.1192.168.2.60xbf81Name error (3)aksuakswwkiimamq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:57.714262962 CET1.1.1.1192.168.2.60x925aName error (3)isaeicumkcuwqmqq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.027463913 CET1.1.1.1192.168.2.60xc0f6Name error (3)qiswokuokugiooky.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.269046068 CET1.1.1.1192.168.2.60x1ccfName error (3)qiswcssocuqsaqkq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.586529016 CET1.1.1.1192.168.2.60xbd45Name error (3)qcyksokwumicscaa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:58.980000019 CET1.1.1.1192.168.2.60x1decName error (3)esiaisyasoaoqwki.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.203002930 CET1.1.1.1192.168.2.60x154eName error (3)giqukkwwcwgqcisg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.438256025 CET1.1.1.1192.168.2.60x8034Name error (3)ymqaaskiwomkucuy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.670105934 CET1.1.1.1192.168.2.60xf38eName error (3)akueuaicusaoieiy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:43:59.903414965 CET1.1.1.1192.168.2.60xd2acName error (3)sauygqecsusickcu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.216659069 CET1.1.1.1192.168.2.60x9e39Name error (3)kkwkgmcoawgaoiwg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.470738888 CET1.1.1.1192.168.2.60x575fName error (3)saumycuogqsqykes.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:00.781317949 CET1.1.1.1192.168.2.60x8832Name error (3)ukyokaigmmkumgoa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.026487112 CET1.1.1.1192.168.2.60x8328Name error (3)eswweuycwwiiykwo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.269742966 CET1.1.1.1192.168.2.60x54acName error (3)uksgyqiqaaiaiesi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.541486979 CET1.1.1.1192.168.2.60xd9Name error (3)smckcsaioceiyasu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:01.786108017 CET1.1.1.1192.168.2.60x6389Name error (3)esimsqgcwwwmyoqc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.048063993 CET1.1.1.1192.168.2.60x6389Name error (3)esimsqgcwwwmyoqc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.249149084 CET1.1.1.1192.168.2.60x521fName error (3)maiyuocqqiqiiskw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.480557919 CET1.1.1.1192.168.2.60x558Name error (3)smaaowemwiwggocu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.733845949 CET1.1.1.1192.168.2.60x16edName error (3)kwuuwgemogmuomwq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:02.974003077 CET1.1.1.1192.168.2.60x668dName error (3)ukicsmiwggcwksam.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.211910009 CET1.1.1.1192.168.2.60x45d3Name error (3)gwamoggwyegsseao.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.455249071 CET1.1.1.1192.168.2.60x8d9aName error (3)immcqsiceooqyaay.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.698102951 CET1.1.1.1192.168.2.60x5d02Name error (3)kkcqgowgkcoyokcu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:03.946463108 CET1.1.1.1192.168.2.60x2c7aName error (3)kecgikusmakuksma.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.188389063 CET1.1.1.1192.168.2.60x9013Name error (3)ymuiggyusggsymoi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.435045958 CET1.1.1.1192.168.2.60x6099Name error (3)uecouukwkuceyuwg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.675648928 CET1.1.1.1192.168.2.60x5db7Name error (3)eyoaceoookqskqmy.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:04.899713039 CET1.1.1.1192.168.2.60x92c5Name error (3)awwomgcseeqwkkom.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.246804953 CET1.1.1.1192.168.2.60xfb46Name error (3)keykoekseemyiewq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.555862904 CET1.1.1.1192.168.2.60x3e4fName error (3)ysiwwoeeaaskykaw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:05.790980101 CET1.1.1.1192.168.2.60xc1f2Name error (3)kwmcuwccqmuecgea.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.016784906 CET1.1.1.1192.168.2.60x7aa3Name error (3)gwyooeiscmwguqms.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.333933115 CET1.1.1.1192.168.2.60x332aName error (3)wuokiysmiucoucak.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.654351950 CET1.1.1.1192.168.2.60x2843Name error (3)wuuiumemmigyyauq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:06.874938965 CET1.1.1.1192.168.2.60x6cf2Name error (3)acwomuuukiomgqkm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.197145939 CET1.1.1.1192.168.2.60xc457Name error (3)muwqwgaaymomgwmi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.433290958 CET1.1.1.1192.168.2.60x7b38Name error (3)omgcoecwsqiuqyug.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.705730915 CET1.1.1.1192.168.2.60xdf36Name error (3)kqmsgskwgemyueya.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:07.956087112 CET1.1.1.1192.168.2.60x62ccName error (3)eyiyueewuaqmmwcm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:08.196630955 CET1.1.1.1192.168.2.60x9775Name error (3)gwoyamckoqoaauoq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:08.476399899 CET1.1.1.1192.168.2.60x9775Name error (3)gwoyamckoqoaauoq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:08.590045929 CET1.1.1.1192.168.2.60x3c5aName error (3)qwqsoyoqkymakowm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:08.838795900 CET1.1.1.1192.168.2.60x94b8Name error (3)gcmiymmqgwuquokm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:09.089219093 CET1.1.1.1192.168.2.60xedf0Name error (3)ymseciekayuweoww.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:09.340167046 CET1.1.1.1192.168.2.60x12c9Name error (3)oyocwswugeiqqyoo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:09.583197117 CET1.1.1.1192.168.2.60x1e44Name error (3)omgooecquoweeomo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:09.822994947 CET1.1.1.1192.168.2.60x743dName error (3)imgeoyougkmmeuec.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:10.056111097 CET1.1.1.1192.168.2.60x78b3Name error (3)smoswyoekkccyuga.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:10.374075890 CET1.1.1.1192.168.2.60xffb2Name error (3)suwkomiqcykeyako.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:10.625415087 CET1.1.1.1192.168.2.60x3108Name error (3)smwsugycuuckemue.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:10.865286112 CET1.1.1.1192.168.2.60x9b26Name error (3)qigcqiaomwieqwka.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:12.018609047 CET1.1.1.1192.168.2.60x9b26Name error (3)qigcqiaomwieqwka.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:12.145020008 CET1.1.1.1192.168.2.60xee06Name error (3)oekcyqqggaegsesm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:12.401329041 CET1.1.1.1192.168.2.60xa2ebName error (3)qcoysaaooaiccqyu.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:12.632859945 CET1.1.1.1192.168.2.60xc3d8Name error (3)mismuqiygyeysaoo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:12.876761913 CET1.1.1.1192.168.2.60x9de6Name error (3)wockoyekyageakcg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:13.104465008 CET1.1.1.1192.168.2.60x233dName error (3)ososokqeakgguwsq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:13.419819117 CET1.1.1.1192.168.2.60xca31Name error (3)wcgqccqcugomywua.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:13.733840942 CET1.1.1.1192.168.2.60xa849Name error (3)aqaqgemescmwsqks.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:13.972490072 CET1.1.1.1192.168.2.60x5419Name error (3)aqiwocaywcswuwsq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:14.212250948 CET1.1.1.1192.168.2.60x8d6dName error (3)aqgmgoqcoqqkguyk.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:14.447740078 CET1.1.1.1192.168.2.60x7501Name error (3)oywgqkusocouysua.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:14.680013895 CET1.1.1.1192.168.2.60xccb6Name error (3)uyygagweoagcuqky.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:14.924366951 CET1.1.1.1192.168.2.60x4ab7Name error (3)muiccguyaeaqwweg.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:15.158324003 CET1.1.1.1192.168.2.60x5651Name error (3)qiqueqokwqqgwwci.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:15.472670078 CET1.1.1.1192.168.2.60x4eeName error (3)uygmgoymcwcgkios.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:15.701895952 CET1.1.1.1192.168.2.60xacc4Name error (3)qiyggmguowygeooc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:15.964088917 CET1.1.1.1192.168.2.60xb130Name error (3)acacoiqgoimayqwm.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Nov 25, 2024 07:44:16.276987076 CET1.1.1.1192.168.2.60xd08fName error (3)smisyqewaummmwoc.xyznonenoneA (IP address)IN (0x0001)false
• keoqiqigggqkcykq.xyz:443
Session ID:0
Source IP:192.168.2.6
Source Port:49797
Destination IP:31.192.232.92
Destination Port:443
PID:5588
Process:C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe
Timestamp:Nov 25, 2024 07:42:44.412733078 CET
Bytes transferred:130
Direction:OUT
Data:
GET /api/client_hello HTTP/1.1
Accept: */*
Connection: close
Host: keoqiqigggqkcykq.xyz:443
User-Agent: cpp-httplib/0.12.1


                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:01:42:06
                                                                                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\2Wr5r2e9vo.msi"
                                                                                                                                                                                                                        Imagebase:0x7ff68c5f0000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                        Start time:01:42:07
                                                                                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                        Imagebase:0x7ff68c5f0000
                                                                                                                                                                                                                        File size:69'632 bytes
                                                                                                                                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                        Start time:01:42:10
                                                                                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding C87318A1E88CD27EAD404D332FBFE39C
                                                                                                                                                                                                                        Imagebase:0x220000
                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                        Start time:01:42:10
                                                                                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
                                                                                                                                                                                                                        Imagebase:0x560000
                                                                                                                                                                                                                        File size:29'696 bytes
                                                                                                                                                                                                                        MD5 hash:2E49585E4E08565F52090B144062F97E
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                        Start time:01:42:10
                                                                                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                        Start time:01:42:11
                                                                                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\expand.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
                                                                                                                                                                                                                        Imagebase:0xd30000
                                                                                                                                                                                                                        File size:53'248 bytes
                                                                                                                                                                                                                        MD5 hash:544B0DBFF3F393BCE8BB9D815F532D51
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                        Start time:01:42:11
                                                                                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                        Start time:01:42:37
                                                                                                                                                                                                                        Start date:25/11/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\MW-f76490c4-b905-436a-bbaf-3329bc84ae5f\files\anterra.exe" /VERYSILENT /VERYSILENT
                                                                                                                                                                                                                        Imagebase:0x440000
                                                                                                                                                                                                                        File size:688'039'936 bytes
                                                                                                                                                                                                                        MD5 hash:DF5B588DABBB47648D6FEF8ABBC59064
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:1.6%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:27.2%
                                                                                                                                                                                                                          Total number of Nodes:375
                                                                                                                                                                                                                          Total number of Limit Nodes:26
70149->70163 70200 4e9fd0 70149->70200 70152 4f25a5 GetCurrentThreadId 70154 4f2610 70152->70154 70153 4f2fd1 70157 5ab6e7 ReleaseSRWLockExclusive 70154->70157 70155 4f2470 shutdown 70158 4f243b 70155->70158 70156 4f2faa 70156->70153 70159 5ab6e7 ReleaseSRWLockExclusive 70156->70159 70168 4f267f 70157->70168 70158->70152 70158->70155 70161 4f24ce 70158->70161 70162 4f309f 70159->70162 70160 4f24f5 70161->70160 70161->70163 70164 4f2560 closesocket 70161->70164 70208 4deef0 70163->70208 70164->70161 70165 4f2d2b 70212 4f6cf0 70165->70212 70167 4f31f0 43 API calls 70167->70168 70168->70165 70168->70167 70224 4f6870 5 API calls _ValidateLocalCookies 70168->70224 70225 4f33b0 28 API calls _ValidateLocalCookies 70168->70225 70171 4f2e2c 70216 4f3b50 70171->70216 70173 4f16a6 70173->70124 70173->70125 70173->70126 70176 5ab6f3 ReleaseSRWLockExclusive 70175->70176 70177 4f17da 70175->70177 70176->70177 70177->70086 70184 5ab705 GetCurrentThreadId 70178->70184 70181->70139 70185 5ab74e 70184->70185 70186 5ab72f 70184->70186 70188 5ab76e 70185->70188 70189 5ab757 70185->70189 70187 5ab734 AcquireSRWLockExclusive 70186->70187 70195 5ab744 70186->70195 70187->70195 70191 5ab7cd 70188->70191 70197 5ab786 70188->70197 70190 5ab762 AcquireSRWLockExclusive 70189->70190 70189->70195 70190->70195 70193 5ab7d4 TryAcquireSRWLockExclusive 70191->70193 70191->70195 70192 5aa595 _ValidateLocalCookies 5 API calls 70194 5ab6e3 70192->70194 70193->70195 70194->70139 70195->70192 70197->70195 70198 5ab7bd TryAcquireSRWLockExclusive 70197->70198 70199 5ab858 GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldiv __aullrem __Xtime_get_ticks 70197->70199 70198->70195 70198->70197 70199->70197 70226 4e9070 70200->70226 70202 4e9ffb 70203 4ea5b0 16 API calls 70202->70203 70204 4ea30d 70202->70204 70233 5b3657 14 API calls __dosmaperr 70202->70233 70203->70202 70206 5aa595 _ValidateLocalCookies 5 API calls 70204->70206 70207 4ea31b 70206->70207 70207->70158 70209 4def2f 70208->70209 
70210 5aa595 _ValidateLocalCookies 5 API calls 70209->70210 70211 4df24e 70210->70211 70211->70152 70211->70156 70213 4f6d35 70212->70213 70214 5aa595 _ValidateLocalCookies 5 API calls 70213->70214 70215 4f711b 70214->70215 70215->70171 70217 4f3ba8 70216->70217 70218 4f3bfe 70217->70218 70219 4f3be8 70217->70219 70221 4f3bac 70217->70221 70235 4f75a0 70218->70235 70246 5ab1f1 RaiseException Concurrency::cancel_current_task CallUnexpected 70219->70246 70221->70173 70224->70168 70225->70168 70230 4e90a9 70226->70230 70227 4e97a3 70228 5aa595 _ValidateLocalCookies 5 API calls 70227->70228 70229 4e97b5 70228->70229 70229->70202 70230->70227 70231 4e93ce select 70230->70231 70234 5b3657 14 API calls __dosmaperr 70230->70234 70231->70230 70233->70202 70234->70230 70237 4f75f2 70235->70237 70236 4e2190 35 API calls 70236->70237 70237->70236 70238 4f7653 70237->70238 70239 4f76fe shutdown 70238->70239 70241 4f770b 70238->70241 70244 4f77b5 70238->70244 70239->70238 70240 4f7734 70241->70240 70242 4f77a0 closesocket 70241->70242 70241->70244 70242->70241 70243 5ab6e7 ReleaseSRWLockExclusive 70243->70244 70244->70243 70245 4f79c3 70244->70245 70245->70221 70336 5c1d7a 41 API calls 3 library calls 70483 47f760 16 API calls ___vcrt_freefls@4 70339 463970 LeaveCriticalSection __fread_nolock 70486 468770 70 API calls _ValidateLocalCookies 70487 4eb770 33 API calls _ValidateLocalCookies 70345 5c4114 18 API calls 3 library calls 70489 47730d Sleep QueryPerformanceCounter QueryPerformanceFrequency __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 70491 47e310 10 API calls _ValidateLocalCookies 70492 5aaf0d 9 API calls 3 library calls 69972 4e3510 69974 4e35a0 69972->69974 69976 4e43e0 69974->69976 69975 4e3682 69977 4e442e 69976->69977 69980 4e44b3 69977->69980 69999 496d30 69977->69999 69979 4e44ec 69981 4e44f7 getaddrinfo 69979->69981 69982 4e450d 69981->69982 69995 4e4552 69981->69995 69985 4e4543 69982->69985 70018 44cbb0 69982->70018 69983 4e456e WSASocketW 69987 4e4590 socket 
69983->69987 69983->69995 69986 4e485b freeaddrinfo 69986->69982 69989 4e4722 69986->69989 69987->69995 69988 4e489e freeaddrinfo 69988->69986 69989->69982 69989->69986 69989->69988 69990 4e45b3 setsockopt 69990->69995 69991 4e4762 69991->69975 69993 4e461d setsockopt 69993->69995 69995->69982 69995->69983 69995->69989 69995->69990 69995->69993 69996 4e4700 69995->69996 69997 4e467f freeaddrinfo 69995->69997 69998 4e46a0 closesocket 69995->69998 70006 4e4a70 69995->70006 70017 4e48f0 6 API calls 2 library calls 69995->70017 69996->69996 69997->69995 69998->69995 70004 496d5a 69999->70004 70000 4972a0 28 API calls 70000->70004 70001 496f95 70021 5aa595 70001->70021 70002 496fb0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 70002->70004 70004->70000 70004->70001 70004->70002 70005 496fa0 70005->69979 70007 4e4aa1 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 70006->70007 70008 4e4d36 WSAGetLastError 70007->70008 70009 4e4ca3 WSAGetLastError 70007->70009 70010 4e4b5c ioctlsocket 70007->70010 70011 4e4d9f 70007->70011 70012 4e4aeb ioctlsocket connect 70007->70012 70014 4e4b9c setsockopt 70007->70014 70016 4e4bd5 setsockopt 70007->70016 70008->70007 70009->70007 70010->70007 70013 5aa595 _ValidateLocalCookies 5 API calls 70011->70013 70012->70007 70015 4e4dad 70013->70015 70014->70007 70015->69995 70016->70007 70017->69995 70029 44f130 70018->70029 70022 5aa59e IsProcessorFeaturePresent 70021->70022 70023 5aa59d 70021->70023 70025 5abca6 70022->70025 70023->70005 70028 5abd8b SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 70025->70028 70027 5abd89 70027->70005 70028->70027 70032 44f160 70029->70032 70030 44cbb9 70030->69991 70032->70030 70033 44c6e0 27 API calls 2 library calls 70032->70033 70033->70032 70347 4e8910 33 API calls _ValidateLocalCookies 70348 5ac13b 49 API calls _unexpected 70493 5b2f38 64 API calls 2 library calls 70349 544d30 46 API calls 2 library 
calls 70495 451320 5 API calls _ValidateLocalCookies 70496 458723 40 API calls 70497 469b20 67 API calls 70351 472520 48 API calls 70502 46fb30 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 70503 49b730 46 API calls __Strxfrm 70247 4ea330 70248 4ea33e 70247->70248 70249 5b3657 14 API calls _free 70248->70249 70250 4ea474 select 70248->70250 70251 4ea597 70248->70251 70249->70248 70250->70248 70356 4e7530 21 API calls 2 library calls 70504 4f8730 96 API calls std::_Throw_Cpp_error 70358 53f9d0 39 API calls 70510 4647c0 29 API calls _ValidateLocalCookies 70511 5bcfd3 6 API calls std::_Locinfo::_Locinfo_ctor 70515 5bfbca 43 API calls 3 library calls 70363 4661d0 44 API calls std::_Throw_Cpp_error 70364 4671d0 43 API calls 3 library calls 70367 471dd0 65 API calls 70370 5ac1fa DeleteCriticalSection 70521 5b47fe 42 API calls 70522 45f7e0 117 API calls 70372 5ad5f0 40 API calls 5 library calls 70374 5aadf5 16 API calls 2 library calls 70528 45f3f0 41 API calls 2 library calls 70376 4601f0 37 API calls std::_Throw_Cpp_error 70531 4697f0 68 API calls _ValidateLocalCookies 70380 5ac1e5 InitializeCriticalSectionEx 70534 5af79f 47 API calls 4 library calls 70535 5abf9f GetStartupInfoW __fread_nolock 70383 477980 GetProcAddress 70537 5bcf94 6 API calls std::_Locinfo::_Locinfo_ctor 70384 44ad90 14 API calls ___std_exception_destroy 70387 477990 FreeLibrary 70540 49b390 45 API calls 2 library calls 70541 476398 SetLastError 70543 44cba0 54 API calls CatchGuardHandler 70393 5c19a8 44 API calls 3 library calls 70551 463bb0 69 API calls _ValidateLocalCookies
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0A]$d[o[$d[o[
                                                                                                                                                                                                                          • API String ID: 0-3121827694
                                                                                                                                                                                                                          • Opcode ID: 887f4b03423070900513ffa0b71856ebf35c560d0960700ca5469495e1617b36
                                                                                                                                                                                                                          • Instruction ID: e81a39e2c95d7a2aa93b6fb22c7545817c09ae1c5ef17289f2571d190619ca8e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 887f4b03423070900513ffa0b71856ebf35c560d0960700ca5469495e1617b36
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53631936205B418FCB28CF34D5D066B7BE2BB96314F254A2ED4978B791D739E80ACB05

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • getaddrinfo.WS2_32(?,00000000,?,?), ref: 004E4503
                                                                                                                                                                                                                          • WSASocketW.WS2_32(?,?,?,00000000,00000000,00000081), ref: 004E4580
                                                                                                                                                                                                                          • socket.WS2_32(?,?,?), ref: 004E4599
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Socketgetaddrinfosocket
                                                                                                                                                                                                                          • String ID: |Lr$|Lr$|Lr
                                                                                                                                                                                                                          • API String ID: 2767352139-3361303107
                                                                                                                                                                                                                          • Opcode ID: ac0d3ab10a53c6a9639f18e23422b37821ff75aee6bf04bf1998b068e41de272
                                                                                                                                                                                                                          • Instruction ID: 17de4026a7566b897878abe381382e4c44dc5fe056ce40b67a39742ea35b9a6c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac0d3ab10a53c6a9639f18e23422b37821ff75aee6bf04bf1998b068e41de272
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABC1673AA006858FCF14CF65DC807EEB7B5FF94316F14421AD415AB2E1D73A9846DB88
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0049095D
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0049181F
                                                                                                                                                                                                                          • DefWindowProcA.USER32(?,?,?,?,?,?), ref: 0049272C
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ProcWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4155614108-0
                                                                                                                                                                                                                          • Opcode ID: ec73c947eec0f816a5e290bca275dc1a9341611e340d81d64e31c4e8c18bfc72
                                                                                                                                                                                                                          • Instruction ID: 50521603a974aa533c5d3c68106470331e880491317c22c70a509ba52b883068
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec73c947eec0f816a5e290bca275dc1a9341611e340d81d64e31c4e8c18bfc72
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC03D735200B418FCB28CF35D5D0667BBE2BF95350B258A2ED4968BBA1D735E80ACF45
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004E2190: std::_Throw_Cpp_error.LIBCPMT ref: 004E22F5
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004F25AE
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Cpp_errorCurrentThreadThrow_std::_
                                                                                                                                                                                                                          • String ID: TW+$UW+$UW+
                                                                                                                                                                                                                          • API String ID: 350343453-477659226
                                                                                                                                                                                                                          • Opcode ID: 9410cfc3a1351bb350547c9304ddaa9ef7654fef0a0e42ee5ed2aa6580fdbe68
                                                                                                                                                                                                                          • Instruction ID: dc784dcd11343d94a0056f1ac1fcc452a82c6bc0b3316707288f8c19f098865f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9410cfc3a1351bb350547c9304ddaa9ef7654fef0a0e42ee5ed2aa6580fdbe68
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F72F335200B458FCB28CF3896D0677B7E2BF95310B648A1ED99A8B791D774EC0ACB45

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: H=)$I=)$I=)$a73
                                                                                                                                                                                                                          • API String ID: 0-1616150507
                                                                                                                                                                                                                          • Opcode ID: a9ae86fae0b90c0e43c5e22fd09f6d1144a4c0afee3a5dbe80d2160a84ebc31a
                                                                                                                                                                                                                          • Instruction ID: 8f423be7aacbae321a6c702766ef964176f3a0c8c9562c5ff1477dcc1ee26ccf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9ae86fae0b90c0e43c5e22fd09f6d1144a4c0afee3a5dbe80d2160a84ebc31a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 976207393047018FCB28DE3999D0536BBE2FFD93107688A1AD956DB7A0D631EC46DB42

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: %>$%>$%>$%>
                                                                                                                                                                                                                          • API String ID: 0-275579199
                                                                                                                                                                                                                          • Opcode ID: 8658111c51faae4bd960a6a1e9bcd752fefc253ff51f453e72ddf05414df2034
                                                                                                                                                                                                                          • Instruction ID: 8e993be0e588d9c61c516e3c64509fa1a63e8a62dd19b5c308432f18f0ae1a49
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8658111c51faae4bd960a6a1e9bcd752fefc253ff51f453e72ddf05414df2034
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E610C353046808FCF288E3A99D442777D3AF95315729852BE496CB3A0D629DC9ADF07

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$p,$p,$p,
                                                                                                                                                                                                                          • API String ID: 0-374601288
                                                                                                                                                                                                                          • Opcode ID: 024cfb1704dfad586e034b5bedb665b264f966d6613ec69152ae0168dab174e5
                                                                                                                                                                                                                          • Instruction ID: 2f5566a7a8cb90e118ef0da13b5992cdf959dd5fc877a18108b8446c34539dbe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 024cfb1704dfad586e034b5bedb665b264f966d6613ec69152ae0168dab174e5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8C14BB26086C19B8F388E1E94C056F73E19BD4312F69491BE855DB3E1D239CD4AC78B

Control-flow Graph
control_flow_graph 2098 (entry block 4f75a0-4f75f0; edge list omitted). API calls on the graph: shutdown, closesocket.
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b96b9fe2e22907d820ff73839e75ccfec3f9dba5edc5a22a430918e44bb3e288
                                                                                                                                                                                                                          • Instruction ID: 06ef30587b858344ffefdb1ca14bd6a0548c5d8ed6844619432d414e45fcecbe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b96b9fe2e22907d820ff73839e75ccfec3f9dba5edc5a22a430918e44bb3e288
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9B14975A086098BCF289F2895D06BE77E1EF55370F24424BD656AB3E0D33DAC05CB89
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: '3%f$'3%f
                                                                                                                                                                                                                          • API String ID: 0-727188518
                                                                                                                                                                                                                          • Opcode ID: 744748485922757162904f4efeb53aff5cf3894051fff01d65c251785aa6f02a
                                                                                                                                                                                                                          • Instruction ID: b53154c89f9a3261620ed04157a2aad39e532b9a1421869a104f0ab700f7c3ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 744748485922757162904f4efeb53aff5cf3894051fff01d65c251785aa6f02a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED8113757002458FCB188F3898E05AE77E2AF89314B64892BE812DF3A1D639DC0ADB55
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b3f2cf81aeef67e162f88b5cfd033076fb3e4bdf912632d000a00060e2210b99
                                                                                                                                                                                                                          • Instruction ID: b6b4f5e58bc5aa9166d41b7c0516feaeca104d2eee67a5561d5cbf26fb758cdb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3f2cf81aeef67e162f88b5cfd033076fb3e4bdf912632d000a00060e2210b99
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEF03072611224DBCF16DB48D845A9AB7FCFB45B61F1140A6E541DB151D7B0ED00DBD0

Control-flow Graph
control_flow_graph 912 (entry block 4e4a70-4e4a9f; edge list omitted). API calls on the graph: WSAGetLastError, ioctlsocket, setsockopt, connect.
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ioctlsocket.WS2_32(?,8004667E,00000001), ref: 004E4B02
                                                                                                                                                                                                                          • connect.WS2_32(?,?,00000000), ref: 004E4B13
                                                                                                                                                                                                                          • ioctlsocket.WS2_32(?,8004667E,00000000), ref: 004E4B73
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004E4B97
                                                                                                                                                                                                                          • setsockopt.WS2_32(?,0000FFFF,00001006,00000000,00000004), ref: 004E4BB0
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004E4BD0
                                                                                                                                                                                                                          • setsockopt.WS2_32(?,0000FFFF,00001005,00000000,00000004), ref: 004E4BF2
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@ioctlsocketsetsockopt$connect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1330999873-0
                                                                                                                                                                                                                          • Opcode ID: f2e714dc7ce25a16c6252951f80f8fded422082b0e3f13992ca49279eb8b4c6b
                                                                                                                                                                                                                          • Instruction ID: 21dc83591d7872edc4730219250d00a07db74fa6c70d3ddec5c740aae4e030d1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2e714dc7ce25a16c6252951f80f8fded422082b0e3f13992ca49279eb8b4c6b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC81D531204280DFCB158F59DC84A2AB7E0ABE5715F198AAAF645CF3A1C739DC05DB4B

Control-flow Graph (graph not reproduced; first block 5bd3c9-5bd3d5; named calls: LoadLibraryExW, GetLastError, FreeLibrary)
Memory Dump Source
• Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                          • API String ID: 0-537541572

Control-flow Graph (graph not reproduced; first block 58b550-58b5ad)
Memory Dump Source
• Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: WyT$WyT$WyT
                                                                                                                                                                                                                          • API String ID: 0-1945841279

Control-flow Graph (graph not reproduced; first block 4ea330-4ea33c; named call: select)
Memory Dump Source
• Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: N/!$N/!$N/!
                                                                                                                                                                                                                          • API String ID: 0-625989065

Control-flow Graph (graph not reproduced; first block 47730d-477318; named call: Sleep)
Memory Dump Source
• Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:

Control-flow Graph (graph not reproduced; first block 47747c-477497; named call: Sleep)
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • Sleep.KERNEL32(05265C00,00000000), ref: 00477391
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004773FA
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0047743A
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0047748D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Sleep
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1587848893-0
                                                                                                                                                                                                                          • Opcode ID: dfadbbf46f274dd91fc6243da409d9567cb1d0c7f3ea42d536a9b56c6f0a358e
                                                                                                                                                                                                                          • Instruction ID: 81086269c62ca8518c5b002e8fd59cd867aa43f895876f27ea52a19930522c08
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfadbbf46f274dd91fc6243da409d9567cb1d0c7f3ea42d536a9b56c6f0a358e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15116B32B0470117D71CA93C8C4673D36D6ABD4B04FBA893CF90ADB392FA289C054795

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 2040 5b1296-5b12a1 2041 5b12a3-5b12b6 call 5b3657 call 5b3d49 2040->2041 2042 5b12b7-5b12ca call 5b1327 2040->2042 2048 5b12f8 2042->2048 2049 5b12cc-5b12e9 CreateThread 2042->2049 2053 5b12fa-5b1306 call 5b1377 2048->2053 2051 5b12eb-5b12f7 GetLastError call 5b367d 2049->2051 2052 5b1307-5b130c 2049->2052 2051->2048 2054 5b130e-5b1311 2052->2054 2055 5b1313-5b1317 2052->2055 2054->2055 2055->2053
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateThread.KERNELBASE(?,?,Function_001713AE,00000000,00000000,?), ref: 005B12DF
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0058B785,00000000,00000000,0058B8C0,?,00000000,?), ref: 005B12EB
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 005B12F2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2744730728-0
                                                                                                                                                                                                                          • Opcode ID: c6774992e9d66c78c3ccea7b7c8d0240f6d9757f91132de3c1ceaad8e8bfb525
                                                                                                                                                                                                                          • Instruction ID: 6b5a00d70e5284f2990b3b3b48a84d2097d3575156a846340336df1b250ece7b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6774992e9d66c78c3ccea7b7c8d0240f6d9757f91132de3c1ceaad8e8bfb525
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3301DE3250060ABFCF149FA1DC19AEE7FA4FF40360F500428F80196150EB30EE10EB94

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 2172 477350-47735f 2173 477360-477368 2172->2173 2174 477379-47737e 2172->2174 2173->2173 2175 47736a-477377 2173->2175 2176 477383-47738b 2174->2176 2175->2176 2177 477396-4773b1 call 5ab8ad call 5ab896 2176->2177 2183 477426-47742f 2177->2183 2184 4773b3-4773d2 2177->2184 2186 477431-47746e call 5aa690 2183->2186 2187 47749c-4774ad call 5aa690 2183->2187 2191 47751c-477523 2184->2191 2192 4773d8-4773ef 2184->2192 2198 47746f-477477 2186->2198 2195 4774ae-4774b6 2187->2195 2196 4773f1-477421 call 5aa690 2192->2196 2197 477390-477391 Sleep 2192->2197 2203 4774b8-4774f1 2195->2203 2196->2197 2197->2177 2198->2198 2200 477479-47747b 2198->2200 2205 4774f2-4774fa 2203->2205 2205->2205 2206 4774fc-4774fe 2205->2206
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • Sleep.KERNEL32(05265C00,00000000), ref: 00477391
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004773FA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: SleepUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4141101911-0
                                                                                                                                                                                                                          • Opcode ID: 317a9b2d6695e94149015236390f7c1cda8445646bae6c3562918e06cab2b6c4
                                                                                                                                                                                                                          • Instruction ID: fa39466428d66511ba34b3efdbab15f3de6d572303e6d46ca2dff3c53432d583
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 317a9b2d6695e94149015236390f7c1cda8445646bae6c3562918e06cab2b6c4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74116A32B087414787189A3C484113D36D6ABD5724BB9CB3DE92ACB3D1FA298C0A8395
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(005DD880,0000000C), ref: 005B13C1
                                                                                                                                                                                                                          • ExitThread.KERNEL32 ref: 005B13C8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorExitLastThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1611280651-0
                                                                                                                                                                                                                          • Opcode ID: af5d72c0d83011d99f36bd3e76789c80783376dcddaa2c7338eec742be59a162
                                                                                                                                                                                                                          • Instruction ID: 334eb20e021b0aff2eea21ff6b79f58c0d4a6ab0a3df794b24f211c5b5651672
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: af5d72c0d83011d99f36bd3e76789c80783376dcddaa2c7338eec742be59a162
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69F0C870A00605AFDB14BFB0E80EABD3F75FF84710F20055AF00197252EB346901DBA1
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 004F3D41
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 118556049-0
                                                                                                                                                                                                                          • Opcode ID: d62f5c13ef4cff4792b9e76d137e77f1b35e68172a3496dbd09a3704f802cb2c
                                                                                                                                                                                                                          • Instruction ID: e701b485690b7540f86b6dbca4a6fc9e8f890c778b812f024db479ed0f9ff4bf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d62f5c13ef4cff4792b9e76d137e77f1b35e68172a3496dbd09a3704f802cb2c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C5163326002898BCB0CCF6898946BF7BE2EF89315F68456AE1059F3D1D7389E09CB45
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cf56665b2ca9b3a8bbadc3b6a9e97cf1e6352add989ac5c580dfd336eba7e439
                                                                                                                                                                                                                          • Instruction ID: c7c54099968e931b8b487c06be214d5dfe9d423da003b4abd26625a9a5461ddf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf56665b2ca9b3a8bbadc3b6a9e97cf1e6352add989ac5c580dfd336eba7e439
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D01D8337106166F9F2A8F69EC8499A3BF6BBD53607258525F904CB194FE30F805D760
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,005BE3AA,00000220,AG\,?,?,?,?,?,00000000,00000000,?,005C4741), ref: 005BC723
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                          • Opcode ID: a1e83b399c441311a3a70b34078a03def3140c1a3b9c60892dd0120008c63af1
                                                                                                                                                                                                                          • Instruction ID: c4b88e3727474681a9f9dff44e3f65832516fb53d3763c9d51e2e98a271ae95e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1e83b399c441311a3a70b34078a03def3140c1a3b9c60892dd0120008c63af1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56E0653120552566D7212A659C09BDB7E88FF827F1F290129EC46DA190DF50FC0099ED
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: %s %s HTTP/1.1$*/*$0$0.12.1$Accept$B$1s$B$1s$B$1s$B$1s$B$1s$B$1s$B$1s$B$1s$B$1s$B$1s$B$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$C$1s$Connection$Content-Length$Content-Type$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$E+V|$Host$PATCH$POST$PUT$Proxy-Authorization$User-Agent$close$cpp-httplib/$text/plain
                                                                                                                                                                                                                          • API String ID: 0-853620427
                                                                                                                                                                                                                          • Opcode ID: 61397d0b206358d6c77fea409254222b131d5c3983d0e108765419ab279c3918
                                                                                                                                                                                                                          • Instruction ID: 72913c0f0b890421e17212d225a4533b12cd4b6817fea76c44d6c955d02383d1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61397d0b206358d6c77fea409254222b131d5c3983d0e108765419ab279c3918
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70336636A006498FCF18CF74A8D56ED7FB6BF95324F284209E451AB2E2D7355E4ACB40
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: *W$*W$*W$*W$*W$*W$*W$*W$*W$*W$*W$*W$*W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$+W$Ea6S$Fa6S$Fa6S$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[$m[
                                                                                                                                                                                                                          • API String ID: 0-4290029852
                                                                                                                                                                                                                          • Opcode ID: 08be6406c49a1cbc1d469e36c2d3eda4b1570a7ef4649ba553b625bf4c749fe9
                                                                                                                                                                                                                          • Instruction ID: e630ff0569d4a9a41f843695fae52d2e429565236dc59dace97babb9ef45a3a3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08be6406c49a1cbc1d469e36c2d3eda4b1570a7ef4649ba553b625bf4c749fe9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D132A3D7083408FCB588A288590A2FB7D26FC6390F29495FEC9587366D675CC4ADB87
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: tAL6$tAL6$tAL6$tAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uAL6$uGK$vGK$vGK
                                                                                                                                                                                                                          • API String ID: 0-3317679798
                                                                                                                                                                                                                          • Opcode ID: 53e5e5501d0aa6529fd786d215d89b3204bfb7d16c78ad79eb790d6606b30322
                                                                                                                                                                                                                          • Instruction ID: 209f923b4c3157e461b17ac01733ae37e1328f94ef837bdd9e13ba4e4429c21f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53e5e5501d0aa6529fd786d215d89b3204bfb7d16c78ad79eb790d6606b30322
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1F17B3D708240ABCE5C8A2855E4A3F77D35BD0360B28861FE9574B7E4C6398C49DF86
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: F73$G^7C$G^7C$tpjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$upjL$gP?$gP?
                                                                                                                                                                                                                          • API String ID: 0-3486692178
                                                                                                                                                                                                                          • Opcode ID: 9bf286447b1178689f930e0a9f459c93b0d2a0296f1e82652fa91537f6aa1eed
                                                                                                                                                                                                                          • Instruction ID: 37dbe9500e2d9b63ca87dd4e63db86682980d8fe9629854f01e37bb5dce07aed
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9bf286447b1178689f930e0a9f459c93b0d2a0296f1e82652fa91537f6aa1eed
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C221F77E041378B8F299E3CA5D40BD7BB1BE943607668A1ACC5A3B390D6215C41EFE1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: -QD>$-QD>$-QD>$XrGR$XrGR$XrGR$XrGR$XrGR$|~;!$}~;!$}~;!
                                                                                                                                                                                                                          • API String ID: 0-2268063560
                                                                                                                                                                                                                          • Opcode ID: 5056bcc0356452abfce67e74e06423c793dd5640993866aa7de859b6cc09f406
                                                                                                                                                                                                                          • Instruction ID: 040a10f36bf718ec13d65902b351762022f2efa6e5cc5f5c653eecc85cf8441a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5056bcc0356452abfce67e74e06423c793dd5640993866aa7de859b6cc09f406
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92322F356083418BCA28872E51D453B36C69BF6324F298E27E476CF3E5D62DCC469B47
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u$3"[u
                                                                                                                                                                                                                          • API String ID: 0-2770313315
                                                                                                                                                                                                                          • Opcode ID: eb698c778dd84fe8c00f779d0a473830709594c98a154e31e7e78b18b275c0f6
                                                                                                                                                                                                                          • Instruction ID: e04970d44cd2b4773b3d8cb4019a14aabb59d8eb917e042b53d8f006af7ebe39
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb698c778dd84fe8c00f779d0a473830709594c98a154e31e7e78b18b275c0f6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1802AD37E04655CFCF288B6894F02FEB7E29B89362F694057DC556B352CA294C0ECB84
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: !KT$!KT$!KT$!KT$-?7%$-?7%$-?7%$O+a$O+a
                                                                                                                                                                                                                          • API String ID: 0-476843299
                                                                                                                                                                                                                          • Opcode ID: f3595077a080ffb199d52c883ba3d79ba10a7c3ee89c6db4690981df19540364
                                                                                                                                                                                                                          • Instruction ID: 50a1275ae688655f6146c2b85e405d088e7a07d3f9dc96bbbaebc6262809132d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3595077a080ffb199d52c883ba3d79ba10a7c3ee89c6db4690981df19540364
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B52E53561C2018FCB28CF28989052EB7E1AFD4358F244A5FF866C73A0E639DD459B87
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ^>?$^>?$^>?$^>?$^>?$^>?$^>?$^>?$^>?$^>?$^>?$^>?$^>?
                                                                                                                                                                                                                          • API String ID: 0-36297465
                                                                                                                                                                                                                          • Opcode ID: 73062e5722eb5d14557d0aa888eba1b4529212db09ea628136c9c2b846d76772
                                                                                                                                                                                                                          • Instruction ID: f2c8e4e2eeb61894df6379e8b461a199fa1b5dea80cfe19c9942d36b97be66b6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73062e5722eb5d14557d0aa888eba1b4529212db09ea628136c9c2b846d76772
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22D178763083449BCA084A2858A057B7BD25FC5710F2D897FE996CB392D2398C0FD746
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @Zc$AZc$AZc$R^$R^$R^$R^
                                                                                                                                                                                                                          • API String ID: 0-2037085649
                                                                                                                                                                                                                          • Opcode ID: a1e64d62a2ead49fbf8fc82fff530684f4a94de763c656da15cb0aae90508eda
                                                                                                                                                                                                                          • Instruction ID: b67e967fc27d48a02c9b891ba44d05ea4734b7f5a94d19a1d7400e2b5bba8456
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1e64d62a2ead49fbf8fc82fff530684f4a94de763c656da15cb0aae90508eda
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07B12B363043408B8E1C4A346DD447A7ED3BFD63A0F29C92AE45E8F6E5D521CD89A742
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: QQ$QQ$QQ$QQ$QQ$'juq$'juq$hp`$hp`$~$~$~
                                                                                                                                                                                                                          • API String ID: 0-3355956011
                                                                                                                                                                                                                          • Opcode ID: 1d2a46206da06820696a6cdacd2c133bbd85d613d70efa1c71bff6b9e74a58c1
                                                                                                                                                                                                                          • Instruction ID: 6593315114f68070c22ac7e8e528bf11d263f7ed4a3ca1101681fd22ec0ee531
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d2a46206da06820696a6cdacd2c133bbd85d613d70efa1c71bff6b9e74a58c1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7821475B05544CFDF18CB68C9D066EB7F2AB88350B24451BE812EB7B0C639DCC29B96
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ?{! $?{! $@{! $@{! $@{! $@{! $@{! $@{! $Ij9$Ij9$Ij9$Ij9
                                                                                                                                                                                                                          • API String ID: 0-3763162383
                                                                                                                                                                                                                          • Opcode ID: f424bc55e5b2c5ec4781858c9a872a89b8123a570494ea22b6e0dda252d58c92
                                                                                                                                                                                                                          • Instruction ID: a99f730495a7ed4c9f753709257d9438acc92dcde23ac08c3094b97e762240be
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f424bc55e5b2c5ec4781858c9a872a89b8123a570494ea22b6e0dda252d58c92
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9224576B002568BCF14CF7899D01AEBFF2BF99360F298569D855EB391C6318C46CB90
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: cYhv$dYhv$dYhv$vUa$vUa$wUa$wUa$wUa$wUa$wUa$wUa
                                                                                                                                                                                                                          • API String ID: 0-2444858218
                                                                                                                                                                                                                          • Opcode ID: 33851b0e6824ef857f2d2c5c49091a9073896047a9e30012c1162679f4c39a1f
                                                                                                                                                                                                                          • Instruction ID: acaecdfa09fce011f906548289d86a43c0e6ef7faa389d0266385028b4f52b6c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33851b0e6824ef857f2d2c5c49091a9073896047a9e30012c1162679f4c39a1f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DE13676B002459FCF088F29E8905BEB7F2BFA9351F26451AE806DB3A4D235CC458F95
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: .12$.12$/12$/12$/12$/12$/12$/12$&_,$&_,$&_,
                                                                                                                                                                                                                          • API String ID: 0-1866496091
                                                                                                                                                                                                                          • Opcode ID: eed658767549be2f48a1a1cb4aadcc1828964b348bb13f212a8fe165f22084fa
                                                                                                                                                                                                                          • Instruction ID: 942952bf89e78c0d34326818d95131227718fa7d6c1a9a49ad51aa65a0a46640
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eed658767549be2f48a1a1cb4aadcc1828964b348bb13f212a8fe165f22084fa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1C15E753045814BDB2C8E386CD14BA7BD37FD13647789A29E4B6CB2E5DA20DC8ADB40
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: uq2$uq2$vq2$vq2$vq2$vq2$vq2$vq2$vq2$vq2
                                                                                                                                                                                                                          • API String ID: 0-3624177132
                                                                                                                                                                                                                          • Opcode ID: b1b79085d977e11138c150739bb31ae93678262994597df55925ceab491be059
                                                                                                                                                                                                                          • Instruction ID: 64fd3673ad1b765d246566bfba8d115e4a294962cde2d80478772482bee434c1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1b79085d977e11138c150739bb31ae93678262994597df55925ceab491be059
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDE1E276E046598FCF08CFA4D4906EDBFF6BF98350F29805AD845AB251C734AD46CB90
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ?d{f$?d{f$?d{f$?d{f$?d{f$?d{f$?d{f$?d{f$?d{f$?d{f
                                                                                                                                                                                                                          • API String ID: 0-4015701808
                                                                                                                                                                                                                          • Opcode ID: 4135b0224a99eb182bc1242aa819c90ef5988b9f8e64db8e95ff78f909b6caf6
                                                                                                                                                                                                                          • Instruction ID: b5cbc137315e08570fa3c1559891dfaa05fe4b91566bb97df1063c3cb145a5ab
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4135b0224a99eb182bc1242aa819c90ef5988b9f8e64db8e95ff78f909b6caf6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EC12D2670C5458BAB144A3C55D45AA3EE37BCD350F38CA6AE4698B2D4D630CC8EDB91
Strings
Memory Dump Source
• Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_440000_anterra.jbxd
Similarity
• API ID:
• String ID: ?d{f$?d{f$?d{f$?d{f$?d{f$?d{f$?d{f$?d{f$?d{f$?d{f
• API String ID: 0-4015701808
Similarity
• API ID:
• String ID: 8r?<$8r?<$8r?<
• API String ID: 0-3874647243
Similarity
• API ID:
• String ID: `a,$`a,$`a,
• API String ID: 0-2143604719
Similarity
• API ID:
• String ID:
• API String ID:
Similarity
• API ID:
• String ID: 2B$2B$2B$2B$2B$2B$2B$2B$2B
• API String ID: 0-1811557806
Similarity
• API ID:
• String ID: f{l$f{l$f{l${='$|='$|='$|='$|='
• API String ID: 0-4098311432
                                                                                                                                                                                                                          • Opcode ID: d11e1740afbfa117d370b4ebfb18bf100ac7aa9901f1e40fd7632481b053168a
                                                                                                                                                                                                                          • Instruction ID: c14fc7bfe121aca04e7430eacd5769daebf0064d6626823cb7813f9c612ec1c0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d11e1740afbfa117d370b4ebfb18bf100ac7aa9901f1e40fd7632481b053168a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA321D367083518B8B189E2854D117ABFD2BFC5350F2D9A1EECA6A73A4D635CC09D7C2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: VLD$ VLD$ VLD$ VLD$ VLD$ VLD$3v%}$3v%}
                                                                                                                                                                                                                          • API String ID: 0-3637346050
                                                                                                                                                                                                                          • Opcode ID: f65c161f7db394aaa53bb3cf8198520b1cf01f3d07573d71e5287103f71c10f5
                                                                                                                                                                                                                          • Instruction ID: ac355defdfe0054c8ea462b359cb41bfb1c8055b8764908c726fc8904fc6b5d9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f65c161f7db394aaa53bb3cf8198520b1cf01f3d07573d71e5287103f71c10f5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4232C579308241DFC7198F2894945ABBBD2AFD5350F19C95FE89D873A1C338CD0A9B86
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ?umL$?umL$_d!$_d!$vUa$wUa$wUa$wUa
                                                                                                                                                                                                                          • API String ID: 0-3496836322
                                                                                                                                                                                                                          • Opcode ID: 4385056284f311c76952fadbdc122e728ab373938e79c70a420af4fa9e7c3a1a
                                                                                                                                                                                                                          • Instruction ID: 3c4a5aca02ed2c2781244a1cef8596b453c3f9990d15766ac1e1269269b76250
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4385056284f311c76952fadbdc122e728ab373938e79c70a420af4fa9e7c3a1a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B122B079A00169CFCB18CF68E8D05ADBBF2BF9A720B254539E816DB3E0D6309C45CB51
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: JH2<$KH2<$KH2<$KH2<$KH2<$k5^A$k5^A$k5^A
                                                                                                                                                                                                                          • API String ID: 0-4044113852
                                                                                                                                                                                                                          • Opcode ID: db7417e7891e38d0078f3775fe21b1c3633ffd16d30ccc95eb4d996bb013dd18
                                                                                                                                                                                                                          • Instruction ID: 9eb0c5fdc3a00ff03096553cd343d2ccddb7ad95cad5251b0bb8e63ef6553698
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db7417e7891e38d0078f3775fe21b1c3633ffd16d30ccc95eb4d996bb013dd18
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1A16966B0525D8B8F088A2496D15BF7BD3EFD6210B38811BDE429B399C7388C0BD7C5
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C253F
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C2690
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindFirst_free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 689657435-0
                                                                                                                                                                                                                          • Opcode ID: 225ad07278097111b9f5e77922d5061ea956b12ef17ec1119561b5132aaa0f90
                                                                                                                                                                                                                          • Instruction ID: 818ddf9f546169b5b11543e81e62e2393715d9084935837ccb5bb24f355a7714
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 225ad07278097111b9f5e77922d5061ea956b12ef17ec1119561b5132aaa0f90
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8061D1719011195FDF24AFA8DC89FFABFB8BB45300F1441DEE40997251EA349E849F64
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: _f43$_f43$e"S$e"S$e"S$e"S
                                                                                                                                                                                                                          • API String ID: 0-3275933199
                                                                                                                                                                                                                          • Opcode ID: 15bec3155ae73451d5ea86302f0d0a35814efe6b5eb35a1ece53d85e9b5d9198
                                                                                                                                                                                                                          • Instruction ID: c143ac1c6cd24b4f1e55af22474dce9f186e987e30b7b62123f4dc31c4d4175f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15bec3155ae73451d5ea86302f0d0a35814efe6b5eb35a1ece53d85e9b5d9198
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC326A7D308665EF8E1CCA38A4F043D7BD2AFA6320F744A5EE4A38B7E0D5258D458742
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 5dJ$6dJ$6dJ$cannot use erase() with $iterator does not fit current value$iterator out of range
                                                                                                                                                                                                                          • API String ID: 0-2605884498
                                                                                                                                                                                                                          • Opcode ID: 162a7e6aa3f3b52193c06d3d0889185e35e1de77d9c7e0ec926c3202401d3453
                                                                                                                                                                                                                          • Instruction ID: 28070400da7db318b418a4a0c216e15cc431a284112c4dd13c67d347758b0f59
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 162a7e6aa3f3b52193c06d3d0889185e35e1de77d9c7e0ec926c3202401d3453
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03229C7AB002448BCF248B3899D46AD7FE2BFD5360F69855AD8516B3D1DB314F0ACB90
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ]6L$]6L$]6L$]6L$]6L$]6L
                                                                                                                                                                                                                          • API String ID: 0-3601653423
                                                                                                                                                                                                                          • Opcode ID: 2a3af65a269550209dba4ee14ed065d0e2c08b93fd680953fe5bbbb83d4f1f4f
                                                                                                                                                                                                                          • Instruction ID: 4212678a1c1d88209141c7a3d968c3d988c9b4bafc723c99d52322c6a9a419d1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a3af65a269550209dba4ee14ed065d0e2c08b93fd680953fe5bbbb83d4f1f4f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08E1E775705B408FCB348F3885D15667BE2BFC5320B298A1AD4E6C7BA1D621EC0ACB52
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: |Lr$|Lr$|Lr$|Lr$|Lr$|Lr
                                                                                                                                                                                                                          • API String ID: 0-2011822085
                                                                                                                                                                                                                          • Opcode ID: ee13f2ef7510fe1c4037ed1b9861a1afd3289b513cf528e133badcbb74ba27f8
                                                                                                                                                                                                                          • Instruction ID: 7db22588719baa56c53a3ce395839eefcc7942178eab9480e735f6feb73799d7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee13f2ef7510fe1c4037ed1b9861a1afd3289b513cf528e133badcbb74ba27f8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08715E263006414F8B288E3DA9D052B7BF77FD5251B29CE29E892CF3D5DA31EC199750
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ,g+s$-g+s$-g+s$QU6w$QU6w
                                                                                                                                                                                                                          • API String ID: 0-1859280572
                                                                                                                                                                                                                          • Opcode ID: 3ff427e8a50d8ae34bfd9ef981007f44887716d84502850762d034a26e23e944
                                                                                                                                                                                                                          • Instruction ID: af58283589fe182c1c69c3fa075fe52eefce8c90d5f8f5a7a062f6bf617b559d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ff427e8a50d8ae34bfd9ef981007f44887716d84502850762d034a26e23e944
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03822675F04245CFCF18CB29E4905BE7BF2AF89321B28415ED816AB3A0D7359C46CB95
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: /G@$/G@$/G@$/G@$/G@
                                                                                                                                                                                                                          • API String ID: 0-4077632988
                                                                                                                                                                                                                          • Opcode ID: 23393c4acabb5d29d7da81f515dad826545044e3e1c8982785331183fa5e3c5a
                                                                                                                                                                                                                          • Instruction ID: fcd1a26919a23b5f88aa234e0b195e9fc2e96656722967ff1bc42a5020feacfb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23393c4acabb5d29d7da81f515dad826545044e3e1c8982785331183fa5e3c5a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0627A36A042548BCF188F78D4D02EF7BF2AF95350F28415BDC529B395E6398D4ACB86
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: #Y;$sWB$sWB$sWB$sWB
                                                                                                                                                                                                                          • API String ID: 0-4095453692
                                                                                                                                                                                                                          • Opcode ID: df3f1791d5ad5ecac643efd6e62b17e3aa975759c3aaa7e9e6371d471bd9a0e3
                                                                                                                                                                                                                          • Instruction ID: 090536ab922913b9e74355e0d1cc90e8ea4eed355e4802d012d275fd6289f99e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df3f1791d5ad5ecac643efd6e62b17e3aa975759c3aaa7e9e6371d471bd9a0e3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B652123AA012458FCF18CF69D494BEEB7F2BF85324F29411AD8516B391D739AC4ACB44
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
                                                                                                                                                                                                                          • API String ID: 0-4239264347
                                                                                                                                                                                                                          • Opcode ID: 1359bc972bc5791cbf43fb287eebebc1866679efc52429af6ec7938366d496fe
                                                                                                                                                                                                                          • Instruction ID: ed47748f6a66f81469e92cea933a8d8dccc1e09e4940b1e57f11130f2bd7fe32
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1359bc972bc5791cbf43fb287eebebc1866679efc52429af6ec7938366d496fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47D13576A0421A8FCB18DF68E9A5AAE7FF1FF58350F14412AE8156B3D1D7319D09CB80
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: F{V$F{V$F{V$F{V$F{V
                                                                                                                                                                                                                          • API String ID: 0-785186087
                                                                                                                                                                                                                          • Opcode ID: fd3f09101f400bf210ff292ed058feea82d1e8f6dcd1323a1c634aab3f3385ac
                                                                                                                                                                                                                          • Instruction ID: f1556e5fc2524e6ab7e73b3712a83978d6894cceeff42e18b7b3a5568385c5e5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd3f09101f400bf210ff292ed058feea82d1e8f6dcd1323a1c634aab3f3385ac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5614C37A053B1CBC7144E2458C8682B6D39BC5750F4BC6D7DCA86F26AD23A8C0B87D5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 63d2441ea3219006a10b43ea870725c5e165af933dfaffd157991baf277d85b8
                                                                                                                                                                                                                          • Instruction ID: adc901b5a23563972e85fc2cbdde8d0bd45d4e20261532710b9ebecce27fd558
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63d2441ea3219006a10b43ea870725c5e165af933dfaffd157991baf277d85b8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6913832A0418A9FCF188E68ADD44BE7FB2EF89714B244426E811D7392D3398C15EF65
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 005BD75D: HeapAlloc.KERNEL32(00000008,?,00000000,?,005BCA5A,00000001,00000364,00000005,000000FF,?,?,005B365C,005BC6DD,?,?,005B351B), ref: 005BD79E
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C241F
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C2436
                                                                                                                                                                                                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C253F
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C260F
                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 005C261D
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C266B
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 005C267A
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C2690
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free$Find$File$AllocCloseFirstHeapNext
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2272182792-0
                                                                                                                                                                                                                          • Opcode ID: 7ae13cd669f3ba2c84dccf404aee98cfe215caad710c1031a8bf99baa5e7ce1a
                                                                                                                                                                                                                          • Instruction ID: b839a49b2928e88a292637374c4a976025783cdada19eaab715f6469fd69f471
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ae13cd669f3ba2c84dccf404aee98cfe215caad710c1031a8bf99baa5e7ce1a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C513471900219AFDF28AFA89CC9FFE7FA9FF85314F14419DE40997241EA309D429B64
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 005AC032
                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 005AC0FE
                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005AC117
                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 005AC121
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                                                          • Opcode ID: eaca258f3bc76b621feecb490da8d7a19f32003a0723f32db246d68e0c3113f1
                                                                                                                                                                                                                          • Instruction ID: 2b9edba156d8d739120409ac7fd9e17f4279079132c868e915ff1e6b69cde049
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eaca258f3bc76b621feecb490da8d7a19f32003a0723f32db246d68e0c3113f1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2831F4B5D012199BDF21DFA4D949BCDBBB8BF18304F1041EAE40CAB251EB719A85CF45
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: bZ:?$cZ:?$cZ:?$cZ:?
                                                                                                                                                                                                                          • API String ID: 0-1113332767
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (?:(https?):)?(?://(?:\[([\d:]+)\]|([^:/?#]+))(?::(\d+))?)?([^?#]*)(\?[^#]*)?(?:#.*)?$http$https$location
                                                                                                                                                                                                                          • API String ID: 0-4198004140
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0^{[$0^{[$0^{[$0^{[
                                                                                                                                                                                                                          • API String ID: 0-1191345365
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Xregex_error.LIBCPMT ref: 0051F0A8
                                                                                                                                                                                                                          • std::_Xregex_error.LIBCPMT ref: 0051F0AF
                                                                                                                                                                                                                          • std::_Xregex_error.LIBCPMT ref: 0051F0BD
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xregex_errorstd::_
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3587890882-0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ^a$^a$^a$^a
                                                                                                                                                                                                                          • API String ID: 0-2016794178
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: wc9]$xc9]$xc9]$xc9]
                                                                                                                                                                                                                          • API String ID: 0-1002030405
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: /';$!/';$!/';$!/';
                                                                                                                                                                                                                          • API String ID: 0-2963574719
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: *J5I$*J5I$i4J$i4J
                                                                                                                                                                                                                          • API String ID: 0-611784234
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ocN$ocN$ocN$ocN
                                                                                                                                                                                                                          • API String ID: 0-1125727286
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 2" o$2" o$2" o$2" o
                                                                                                                                                                                                                          • API String ID: 0-3435187429
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: %RvG$%RvG$%RvG$%RvG
                                                                                                                                                                                                                          • API String ID: 0-204049577
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: FW%3$GW%3$GW%3$GW%3
                                                                                                                                                                                                                          • API String ID: 0-2930812216
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Content-Encoding$deflate$gzip
                                                                                                                                                                                                                          • API String ID: 0-3932100438
                                                                                                                                                                                                                          • Opcode ID: ea5911db5eefbae29c3d7f51170d8fbb89d0d768a9c54769dcb4d25a60319957
                                                                                                                                                                                                                          • Instruction ID: a17a0fbc4e2fd933cdc6f2fede755223b219709a207c630ece8830b3728b6151
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea5911db5eefbae29c3d7f51170d8fbb89d0d768a9c54769dcb4d25a60319957
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1225A362007518FCB28CF38E8D666A7BD6BFA6364F184E19D4568B6E1D731F849CB40
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: \X'T$]X'T$]X'T
                                                                                                                                                                                                                          • API String ID: 0-740687242
                                                                                                                                                                                                                          • Opcode ID: e2bf849e773e493c3b2d9d94eeb8b193f06dc65389d42c30cd5a12b67ee0b964
                                                                                                                                                                                                                          • Instruction ID: 26279f127ffebd5b59b6ec7fc5ffc0396ed1e0841bba1f1cc68f9818291a161f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2bf849e773e493c3b2d9d94eeb8b193f06dc65389d42c30cd5a12b67ee0b964
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 210226766042419FCB088F2898D092B7BE6AFD5310F598D5EFC85CB3A2D635CC0E9B46
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: AW$J<EG$J<EG
                                                                                                                                                                                                                          • API String ID: 0-2506601726
                                                                                                                                                                                                                          • Opcode ID: e8d261c1cb2bffa29166dc23fb432e40d1c8687714a8df8e5bd66a76e1bc9854
                                                                                                                                                                                                                          • Instruction ID: 38d98c87b48b54e76e1f8c7411539ee6834ec9c8ef16852d60f6966776fe3b1e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8d261c1cb2bffa29166dc23fb432e40d1c8687714a8df8e5bd66a76e1bc9854
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BB10879B003198F8F18CB68E4E18BE7BF6BF5D3547648899E81AE7391C6209C05EF51
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: %s: %s$D:P
                                                                                                                                                                                                                          • API String ID: 0-3986616612
                                                                                                                                                                                                                          • Opcode ID: 159e8d999286a8edc008adfbd0a7c6d987a26011096a1cfe21826ffd323d1efd
                                                                                                                                                                                                                          • Instruction ID: ec8ecc71875d47dd9b1b04cfb69bc84a04ba31641227607370efb77e2b9fcef5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 159e8d999286a8edc008adfbd0a7c6d987a26011096a1cfe21826ffd323d1efd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA62E279B016098FCF14CE68C890ABDBBF2BF89310B254555E895EB3E4DA319C468F91
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 6,Mk$6,Mk
                                                                                                                                                                                                                          • API String ID: 0-502606186
                                                                                                                                                                                                                          • Opcode ID: 58891578ff2e3b23c4427fe616a82afa115b5828713ee037ac70471436fc9a42
                                                                                                                                                                                                                          • Instruction ID: 682864aa1b120122de8aa71a1860f8244b9ef579d39dbfe66d059edd9137425c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58891578ff2e3b23c4427fe616a82afa115b5828713ee037ac70471436fc9a42
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51423576B043588BCF18CF68D4E06BE7BF2AF89351F28415BD855AB3A0C7299D05CB45
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 6,Mk$6,Mk
                                                                                                                                                                                                                          • API String ID: 0-502606186
                                                                                                                                                                                                                          • Opcode ID: 39fc16dfd5d5be393546fc6d9e2f872cd6277de01b7a0364cb24f773bac4e7a8
                                                                                                                                                                                                                          • Instruction ID: 50d2a7ef88d824300ad508e92c7de06fd78237ccd1068db77189b2573f4a47f2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39fc16dfd5d5be393546fc6d9e2f872cd6277de01b7a0364cb24f773bac4e7a8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED422476B002598BCF18CF69D5D06EE7BF2AF89351F29805AD814AB390C7399D06CF64
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 9y7Y$9y7Y
                                                                                                                                                                                                                          • API String ID: 0-4046655019
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: zsh>
                                                                                                                                                                                                                          • API String ID: 0-523548137
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • excessive object size: , xrefs: 0055BAEE
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: excessive object size:
                                                                                                                                                                                                                          • API String ID: 0-3718820671
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,005B2D33,?,20001004,00000000,00000002,?,?,005B1C44), ref: 005BD0C7
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: -tX
                                                                                                                                                                                                                          • API String ID: 0-3778505109
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2e74a684a124d3be509e873cd3d098279ac95794b73e398b509f4b6f9a0cb856
                                                                                                                                                                                                                          • Instruction ID: deffdf0066da9a79adac0a0a142684e375cb2fff7f4918a347d33eea6fd2f6d6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e74a684a124d3be509e873cd3d098279ac95794b73e398b509f4b6f9a0cb856
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F42F635204B418FCB288F29E4D056ABFE1BF95350B28C91DD89F8B691D730ED49EB90
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: df8413465f38c98931702823659575e210bd697c0b077329ebe75493447d0046
                                                                                                                                                                                                                          • Instruction ID: 6f809081767e043628f4f42fb765a58a8100245cedc56679033953c62e659e7d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df8413465f38c98931702823659575e210bd697c0b077329ebe75493447d0046
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73526BBAB052098FCB15CF68D8909ADBBF2BF99350F244555E816EB3A0D731EC45CB90
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3cf5795c16a09f7b7c42dcd27e98f05cb0c888ebc3a967d7f3e94d408cba176e
                                                                                                                                                                                                                          • Instruction ID: b95c8196256f487e3b864bcf4e6748bfd19d5ba86b31807ad8521126a5b9f209
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cf5795c16a09f7b7c42dcd27e98f05cb0c888ebc3a967d7f3e94d408cba176e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB326A75B05255CF8F58CE68C4E05BE7BF26FBA310B28454AE842E73A1D6288C06DF95
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5d68abe7759bb204dd094026ef4b5629c3387170af2cf2c6fe4de7bb915706ec
                                                                                                                                                                                                                          • Instruction ID: d5b6a1387a1f8971b822bdc269c9cddbe0eb5ed65781f6a47c9879cb9615adb0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d68abe7759bb204dd094026ef4b5629c3387170af2cf2c6fe4de7bb915706ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53326F79B04248CF8B54CFA8D8809ADBBF2FF8D310B24416AE815EB364D635AC46DF55
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a0b3fc3b72575e59ca2773abc42790a09e57628f726251275537226e7df7c1cf
                                                                                                                                                                                                                          • Instruction ID: 9befba4d2edf92c1a15b9ba09a06ed2aa64b7963319a2dfd560a666b47208255
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0b3fc3b72575e59ca2773abc42790a09e57628f726251275537226e7df7c1cf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A422803AF012198BCF188F3899905FE77D2ABC5360F29866AC9556F392E3345C05DF89
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a18c5fdbcbafc58f7f72a19ec720f0943165d0a352acff495a2488cf75bec76b
                                                                                                                                                                                                                          • Instruction ID: d6ef8b9ee1d258db7e2678bf160e5850dca85a1b68b6b0c0f610d2e2a59d5b86
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a18c5fdbcbafc58f7f72a19ec720f0943165d0a352acff495a2488cf75bec76b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D322C37A6083459F8B18CF24C5D045EBBE2BBC9364F15CA2EEC948B391D630DD49DB86
Memory Dump Source
• Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8b4accbeb99a8d576d6e1fd57c3413bb8bdae61239aeb9129241fef2befaf677
                                                                                                                                                                                                                          • Instruction ID: feea650a36af0c58da51317df446fe1586e5adf68293d90b1723f3fa14adaeec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b4accbeb99a8d576d6e1fd57c3413bb8bdae61239aeb9129241fef2befaf677
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C312EE719012298FCF08DFA8E894ABEBBF1BF56314F154619E421AB2D1DB35AC49CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c4e9315e0e24f5a2a852f5e454a7b87a79c1b9d73fa6bf052a1fd0369712634a
                                                                                                                                                                                                                          • Instruction ID: 0bcc721d941813b80e66897e6896dea2885f9f916b74540af4a8fd02ae278e6a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4e9315e0e24f5a2a852f5e454a7b87a79c1b9d73fa6bf052a1fd0369712634a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F122735204B41CFCB288F34E4E167A7BE2BF95350B58C91DD89F4B6A1E760AD49DB80
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7ed3286bca58aac52619a7a1a2d7e567bc0fa47b2194e1a7273ebbd3952db5a4
                                                                                                                                                                                                                          • Instruction ID: b8053b2061f6c382a4e28e34dbf6725d3a706a3823149f163e24aa958d48a4f4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ed3286bca58aac52619a7a1a2d7e567bc0fa47b2194e1a7273ebbd3952db5a4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE02E875B003099F9F18CF68CAD0AAE77F2EF68310BA54116E9119B3A0C7799C45CF56
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a3c028dfce9a135417eee7b63172e53020a98be5cee9629ce155ab9830ed83f0
                                                                                                                                                                                                                          • Instruction ID: 65f8a13adf94d75cbab29cb539d93fc355b7818cc3665f8fd698510b3117ef47
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3c028dfce9a135417eee7b63172e53020a98be5cee9629ce155ab9830ed83f0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29020331A002298FEF18CF24E4A46BE7BF2BF9A354F294619D5026F2D1C7369D45CB94
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0759e89dfeb027843a55782ef4db998284585271609c4cc89ae55feb0b159d2e
                                                                                                                                                                                                                          • Instruction ID: 2d925d94afc1eff30d76b7d442cbce10c216e82e9507951e9614408ee467df60
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0759e89dfeb027843a55782ef4db998284585271609c4cc89ae55feb0b159d2e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF16C7AB0C35D9B8E3C4A3454E017E7FD2AFD9360F248A1DD8970B6E5D6318C49DA81
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d957e4977e137e6f1c30b02142ac85af747c9595f9034266585c1de684208879
                                                                                                                                                                                                                          • Instruction ID: 7a3f83e52863520c6e8126d40a0a9ea7992cb4ca711aedd6a6ac1baf46bd0c17
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d957e4977e137e6f1c30b02142ac85af747c9595f9034266585c1de684208879
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AF1F476A00255CFCF18CF68E4949AEBBF1FF99360F298159E81AAB390D7315C05DB60
Memory Dump Source
• Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          • Instruction ID: 175e0fed76c56901a7f90d7471ffb784c1c4787b49c9f0825ee40f69f9c8d93c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f6d805df95891cb0ec748daae51f6ee4160564a080e4c2d0c2ee5c918cd5993
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2D15836B042198F8F148A3889D15AF7FE2BFD5350F298551DC55EB3A9DA30CC4A9BE0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 587cffa16357c870b0aab1a5fa3275a4cb57c9bbf70ad39591ec81da89c9624b
                                                                                                                                                                                                                          • Instruction ID: 1c27877a52dbc343ee5e856112d67a7ea44c2fb34eb72fd99195e66248b05042
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 587cffa16357c870b0aab1a5fa3275a4cb57c9bbf70ad39591ec81da89c9624b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41B1F37AA002058FCF148F68D9806ADBFF2BB89324F198569D8599F3D1D3759C06DF60
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 15a658fafe7d91339e13e09beb85a994ac5f02b06292f224b4ddce7a1938afaa
                                                                                                                                                                                                                          • Instruction ID: 5eeeaa66f5c01154e8a852db75165212ad886296d629e34e1f6025a6bbf07019
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15a658fafe7d91339e13e09beb85a994ac5f02b06292f224b4ddce7a1938afaa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6A1D179B0051A8FCB08CF68D8908BE73F6EF59344B24411AE915DB3A0E739DD0ADB65
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a6043903ad12f6523c52f1376b2d77b83c4989449a5f6d755419326552483fe6
                                                                                                                                                                                                                          • Instruction ID: 348ee84877ef209982e888c80e99d5d154389244b276ec1eaf22b4957c1213d0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6043903ad12f6523c52f1376b2d77b83c4989449a5f6d755419326552483fe6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FA1486AB041868F8F188B385ED44AE77E2EFC0350738C66AD955DF3A0DB28CD0A9745
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4df0d4ad96095ff15c17865762c1fd0a08ff37eb5c84e27642fbbc77e0c96e4d
                                                                                                                                                                                                                          • Instruction ID: 9d183af0eb066739ca50d3e9109455a57ca8231911eceebba1aa86d99430819a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4df0d4ad96095ff15c17865762c1fd0a08ff37eb5c84e27642fbbc77e0c96e4d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0681F5397052498BCF0C8E2994E25BE7FA7BFC9354B384A1DE8468B3D0D6325C45DB91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2a763a790ced771da058ae563eda9e8dde17fdf72b4ffea7810aa5eb9a4d6821
                                                                                                                                                                                                                          • Instruction ID: e46900232b47e4a756356e951723e9e44edbb957ed19771a65f9e35f96908160
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a763a790ced771da058ae563eda9e8dde17fdf72b4ffea7810aa5eb9a4d6821
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4281F478B001058F8B58CF68D5E0EAEB3F6AFD9310B24855EE812EB360C635EC45DB59
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ca086030d2d6082f05e629711323dda3a4265bbe48573b523a24ab1b7f03c239
                                                                                                                                                                                                                          • Instruction ID: 4eab7e803cea977100074346d0e26e5420199541e96c95a31243207ee9371647
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca086030d2d6082f05e629711323dda3a4265bbe48573b523a24ab1b7f03c239
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F717B363093909F8A08CF3855D02EE7FC6ABD7798F6A8859E8954B285D635CC09C743
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 705654d268c9736ff7e68508716e368cd7ce817b3b29cf7d0e49233030e935b2
                                                                                                                                                                                                                          • Instruction ID: 9865de133edae0794a2ced3cc4ff3414a62ecd2d026fad6c366aab8090c2b076
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 705654d268c9736ff7e68508716e368cd7ce817b3b29cf7d0e49233030e935b2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A81B17AA002589BCF14CF68D9D46AEBFF1FF4A325F244619E845AB2D0E6315D05CBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 243744ee3f17a4929db8c2f4f4b266dbc7016fce1f3bb8011e955df956f595ad
                                                                                                                                                                                                                          • Instruction ID: 316de99a79827bda768fe1ffca44be89a39aa90fbe2706f690e70b9379815d48
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 243744ee3f17a4929db8c2f4f4b266dbc7016fce1f3bb8011e955df956f595ad
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D617C72B00355DF4F144E6454C04BF7BE7AEDA26072A867BCC65AB395D6384C0F8B94
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a3f74fee6e4e4c0b5c41dbfee8cd6ac5a39e55e5a7599ee00af383ea214edd1d
                                                                                                                                                                                                                          • Instruction ID: d580e363cc85f989138f9a13e2883a77f97fb185fce8603272cc44c90c5dc161
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3f74fee6e4e4c0b5c41dbfee8cd6ac5a39e55e5a7599ee00af383ea214edd1d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C071B0357083409FCB048F28998068B7BD2AFD1794F69C95AE8588F399C739DC4E8F95
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ($F5$F5$F5$F5$F5$F5$F5$F5$F5$F5$F5$F5
                                                                                                                                                                                                                          • API String ID: 0-3978897721
                                                                                                                                                                                                                          • Opcode ID: 64cdaf932b432f5cd2429f3702a24882add9a36626eec82a2684e28d0460d2da
                                                                                                                                                                                                                          • Instruction ID: c38023c4b18e373aad616e519ada3e70ea0d1b3259ac1ba4d04a66a83ca02a70
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64cdaf932b432f5cd2429f3702a24882add9a36626eec82a2684e28d0460d2da
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28C1F530614701CFD724CF24C440967BBE2FF69314B254A5EE8C6A7796EF36A849CB45
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: F5$F5$F5$F5$F5$F5$F5$F5$F5$F5$F5$F5
                                                                                                                                                                                                                          • API String ID: 0-1018629271
                                                                                                                                                                                                                          • Opcode ID: c22ee64df304f4a56509246d0e2db67755afcfcc9a89cb5919fd25fdace2d5b4
                                                                                                                                                                                                                          • Instruction ID: 1fd9a7eba8007a022fe6db29564b62add1ef11956a9aa95fe75b822ef78e5ad6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c22ee64df304f4a56509246d0e2db67755afcfcc9a89cb5919fd25fdace2d5b4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5B1D231614704CFD734CF28C040A67B7E2FFA9305B254A2ED48A87792E735AC5ACB49
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0046D2F2
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0046D372
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LockitLockit::_std::_
                                                                                                                                                                                                                          • String ID: 1%tt$1%tt$<*^
                                                                                                                                                                                                                          • API String ID: 3382485803-2463617466
                                                                                                                                                                                                                          • Opcode ID: e979f5be684243cad6ff1e08121356eb9d2ab05e4218c5f2e3821bcd1f0dfcf6
                                                                                                                                                                                                                          • Instruction ID: d1431506b800613d1aa8b11e4fc5d85133434d1750d974419a5443b5804625d9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e979f5be684243cad6ff1e08121356eb9d2ab05e4218c5f2e3821bcd1f0dfcf6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D912B76F001148FCF18CF69D8906EEB7F5BB58324F19421AD816AB390E7399C46CB86
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 005C9562: CreateFileW.KERNEL32(00000000,00000000,?,005C9220,?,?,00000000,?,005C9220,00000000,0000000C), ref: 005C957F
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005C928B
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 005C9292
                                                                                                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 005C929E
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005C92A8
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 005C92B1
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 005C92D1
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 005C941E
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 005C9450
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 005C9457
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4237864984-0
                                                                                                                                                                                                                          • Opcode ID: 011e68dc62c5b6b2fe2d652ae63fc1726e447ef7fdb13dd7e2811b00c474d3d1
                                                                                                                                                                                                                          • Instruction ID: 866f77ad99e795e3983c6fe2fdfd8a75644283dbcf00875ea83ab7e93a8bbb76
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 011e68dc62c5b6b2fe2d652ae63fc1726e447ef7fdb13dd7e2811b00c474d3d1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8A11232A041859FCF199FA8DC99BAE3FB5BB46320F18015EE811AF391CB349D06DB51
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                          • Opcode ID: d0488ec45f15a72ff65fcd3010cb127987b3c602a15f59f5926d81aa1ddf2c9e
                                                                                                                                                                                                                          • Instruction ID: bfb625f91ff50d58f55223faf8995d9be4d53eaa6d967cba16933f8b789ec69a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0488ec45f15a72ff65fcd3010cb127987b3c602a15f59f5926d81aa1ddf2c9e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C61D076900305DFDB24DFA8C845FAABFE9FB84710F24141DE855AB281EB70A900CB64
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 005C06D0: _free.LIBCMT ref: 005C06F5
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C03BE
                                                                                                                                                                                                                            • Part of subcall function 005BC6B7: HeapFree.KERNEL32(00000000,00000000,?,005B351B), ref: 005BC6CD
                                                                                                                                                                                                                            • Part of subcall function 005BC6B7: GetLastError.KERNEL32(?,?,005B351B), ref: 005BC6DF
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C03C9
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C03D4
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C0428
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C0433
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C043E
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C0449
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                          • Opcode ID: 10f89baa2e0e33ddf7736a6c1844a4c53b43da7e62d178f93e44d7a4bdad20d8
                                                                                                                                                                                                                          • Instruction ID: 4b6fa2888bff98cc5f7e6f89280bb4a088047caf5629503ebcded20d02659915
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10f89baa2e0e33ddf7736a6c1844a4c53b43da7e62d178f93e44d7a4bdad20d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2116A31550B15EBEA20BFB0CC0BFCB7F9CBFC0700F401819B2D9B6092DA6AB5558665
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(?,?,?,?,?,?,0049B51C,?,?,?,?,?,?,?,25D8D736,?), ref: 005AC43A
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,0049B51C,?,?,?,?,?,?,?,25D8D736), ref: 005AC4C6
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,0049B51C,?,0049B51C,?,?,?,?,?,?,?,25D8D736), ref: 005AC531
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,0049B51C,?,?,?,?,?,?,?,25D8D736), ref: 005AC54D
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,0049B51C,?,?,?,?,?,?,?,25D8D736), ref: 005AC5B0
                                                                                                                                                                                                                          • CompareStringEx.KERNEL32(?,25D8D736,00000000,0049B51C,00000000,?,00000000,00000000,00000000,?,0049B51C,?,?,?,?), ref: 005AC5CD
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2984826149-0
                                                                                                                                                                                                                          • Opcode ID: 30943d6ae6b32c7c3c936669855f8a2ff1c2824ada50c28cc531b679437b9dba
                                                                                                                                                                                                                          • Instruction ID: 035f7b1e6ef6cb494bab99add052ac16238b213b8774895b2485710a53d1dbea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30943d6ae6b32c7c3c936669855f8a2ff1c2824ada50c28cc531b679437b9dba
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D71AB72D0021AABDF219FA4C855BFEBFA5BF0E361F140456E844BB191DA25AC448BA4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0049A0B5
                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0049A0E7
                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0049A3AA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::~_$Lockit::_
                                                                                                                                                                                                                          • String ID: LD^
                                                                                                                                                                                                                          • API String ID: 214967623-2651282244
                                                                                                                                                                                                                          • Opcode ID: f75706c86da2e752e9f7f40c454e882fa926936e2ab3b1cffa4e8cc066cc9c75
                                                                                                                                                                                                                          • Instruction ID: 8c1f8c0abf047e9b82264c6b4c9b54f4d00812929c470c4995486992bc2bc3bf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f75706c86da2e752e9f7f40c454e882fa926936e2ab3b1cffa4e8cc066cc9c75
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F91BD75E012448FCF14CF98D895AAE7BB1BB59314F18407AE805EB3A0D339AC55CF96
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Fan$Fan$Fan$Fan
                                                                                                                                                                                                                          • API String ID: 0-1485696664
                                                                                                                                                                                                                          • Opcode ID: 69e4d81437f65a4d609d0a7fcc7a9e5b20a3d0c3b05ae739ae5753b7fb9aa647
                                                                                                                                                                                                                          • Instruction ID: 56efc2ef07e320a898b0391fab09de8f32935903f2777a670fd1e11938fd30b8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69e4d81437f65a4d609d0a7fcc7a9e5b20a3d0c3b05ae739ae5753b7fb9aa647
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62612D32A002558BCF288F2C95841EE77E5ABD43A4F1AD617D82AAF3B0C7398D458785
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: R\$R\$R\
                                                                                                                                                                                                                          • API String ID: 0-2053949808
                                                                                                                                                                                                                          • Opcode ID: fd2192a9088afbe13ba11a9046f5a937124938b29344ea353440d2363231c201
                                                                                                                                                                                                                          • Instruction ID: 7642ff4cecb552dcc2e8eae4f03b25e84379ebf6065cec817c6289efff8ad1b9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd2192a9088afbe13ba11a9046f5a937124938b29344ea353440d2363231c201
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C64196357082108FCF188A28989852B7BE1ABD8314F22493BD45ACB365C779DC55DBD7
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,005B15CF,?,?,005B1650,?,?,?), ref: 005B155A
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 005B156D
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,005B15CF,?,?,005B1650,?,?,?), ref: 005B1590
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                          • Opcode ID: 79c2e68c6e0f235bda51dcdee9b7b0a18bc44a5da70a299be5c005d0021b5791
                                                                                                                                                                                                                          • Instruction ID: 901dd12120f7f30bd48d17cf2d28d37647b696f5b974552927ee5e8246bd7ed0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79c2e68c6e0f235bda51dcdee9b7b0a18bc44a5da70a299be5c005d0021b5791
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67F08C30901618FBCB31AB54EC0ABED7F68FF40796F000166E406A21A0DF709F04EE90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C02A4
                                                                                                                                                                                                                            • Part of subcall function 005BC6B7: HeapFree.KERNEL32(00000000,00000000,?,005B351B), ref: 005BC6CD
                                                                                                                                                                                                                            • Part of subcall function 005BC6B7: GetLastError.KERNEL32(?,?,005B351B), ref: 005BC6DF
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C02B6
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C02C8
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C02DA
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005C02EC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
• Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                          • Opcode ID: 263993343adcb2012775097258e2081e1f1ac26ed28bea0f2c7943f48d5c56d0
                                                                                                                                                                                                                          • Instruction ID: 62f6ac6630ba32a45d5ed00e5aa51d7fdad7b511d627212f3151f909075e494b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 263993343adcb2012775097258e2081e1f1ac26ed28bea0f2c7943f48d5c56d0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EEF0C832100650EF8618EF98E4CFD5A7FD9BA587507642C0DF494DB945CB31FC84866C
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0046E046
                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0046E0C5
                                                                                                                                                                                                                            • Part of subcall function 005AAC3C: _Yarn.LIBCPMT ref: 005AAC5B
                                                                                                                                                                                                                            • Part of subcall function 005AAC3C: _Yarn.LIBCPMT ref: 005AAC7F
                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0046E16A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: std::_$LockitYarn$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                          • String ID: bad locale name
                                                                                                                                                                                                                          • API String ID: 3683006843-1405518554
                                                                                                                                                                                                                          • Opcode ID: adf77c33aefebc27585a562a5ca1ef30ce85ff72cc790aabca8bc9c11df5c95d
                                                                                                                                                                                                                          • Instruction ID: bf4aca162964ecfd340632ebaa723197c9b7b2a89b93767f7eba76d5b2a2db78
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adf77c33aefebc27585a562a5ca1ef30ce85ff72cc790aabca8bc9c11df5c95d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9741AEB480064A9FC700DF65D8957DEBBF4FF49314F04412AD408A7781EB79A958CBE6
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,005C716B,?,FFAB860D,00000000,?,?,?,005C7029,00000002,FlsGetValue,005D12F4,005D12FC), ref: 005C70DC
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,005C716B,?,FFAB860D,00000000,?,?,?,005C7029,00000002,FlsGetValue,005D12F4,005D12FC,?,?,005BAE8E), ref: 005C70E6
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000000,FFAB860D,?,FFAB860D), ref: 005C710E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                          • Opcode ID: 1f8d316aa95d279011761201bc31ccdd887ac38f95b62bbe10c132d03dbf5e1c
                                                                                                                                                                                                                          • Instruction ID: 44b2a1e30b2001165bc34bbb17765b863a1280e2aab4372d6040961214da20fa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f8d316aa95d279011761201bc31ccdd887ac38f95b62bbe10c132d03dbf5e1c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44E01230644209BBEF301FA1EC06F683F64BB14B90F144436F90DA84E2EB729854DA89
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3213747228-0
                                                                                                                                                                                                                          • Opcode ID: be3a482cfb83731e2a1fd3e52bd0227d612d87cde221266f45b814d0dd62b475
                                                                                                                                                                                                                          • Instruction ID: ee70ef46518e378efe3d524fceaa5803cf5363f09c720812f85fd6ed2af2f4d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be3a482cfb83731e2a1fd3e52bd0227d612d87cde221266f45b814d0dd62b475
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AB1F5729002469FDB158F68CC81BFEBFE5FF55340F2445BAE8559B242D634AE41CB60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __FindPESection.LIBCMT ref: 005BC181
                                                                                                                                                                                                                          • VirtualQuery.KERNEL32(83000000,BA6DB144,0000001C,BA6DB144,?,?,?), ref: 005BC266
                                                                                                                                                                                                                          • __FindPESection.LIBCMT ref: 005BC2A3
                                                                                                                                                                                                                          • __FindPESection.LIBCMT ref: 005BC2DD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FindSection$QueryVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2992484814-0
                                                                                                                                                                                                                          • Opcode ID: d79fdd31a62166ae62e80de5272f80315216b508f7dfd0827469698a4de913f1
                                                                                                                                                                                                                          • Instruction ID: 0888d019e6cebbcc796b3e3c5dd98f4de6d0da43eb831728cd735ad5f11f3582
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d79fdd31a62166ae62e80de5272f80315216b508f7dfd0827469698a4de913f1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14A1AB75A0021A9FDF24CF98D8806EEBFA4FB58311F104529D859EB261E731FC05CBA8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free_strpbrk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3300345361-0
                                                                                                                                                                                                                          • Opcode ID: cfe42419a48b674bd03234050fdc44e8573882f451da2906b53a9d63a30c947e
                                                                                                                                                                                                                          • Instruction ID: 795925bb72724b30d457cfefadadc4faa3dbdea07a96835726321e8da7b10f27
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cfe42419a48b674bd03234050fdc44e8573882f451da2906b53a9d63a30c947e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8611A75D00219AFCB14DFA9C885AEDBBF5FF88310F28816AE915B7300D675AE41CB90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                                                          • Opcode ID: 2f1f3c43d8d70b321cf38b19ce2f73d5cd4bff8143e2d8f0737fa7b7c35a8ece
                                                                                                                                                                                                                          • Instruction ID: fc0e509f749082964e4d9f01a70a22dd0bb64c0df2a9877fdc9ef79e16954799
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f1f3c43d8d70b321cf38b19ce2f73d5cd4bff8143e2d8f0737fa7b7c35a8ece
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5351BBB2A006069FEB389F54D885BFA7BA5FF84310F144429E846866E1E7F1FD40DB91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005CA1E1
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005CA20A
                                                                                                                                                                                                                          • SetEndOfFile.KERNEL32(00000000,005C97F7,00000000,005C3E65,?,?,?,?,?,?,?,005C97F7,005C3E65,00000000), ref: 005CA23C
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,005C97F7,005C3E65,00000000,?,?,?,?,00000000,?), ref: 005CA258
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free$ErrorFileLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1547350101-0
                                                                                                                                                                                                                          • Opcode ID: df5332bb32cb7e121b5bd5c0968464454e31016e727f90a0c1170197481b10c4
                                                                                                                                                                                                                          • Instruction ID: 10158e407fbef6bc84ecb76f96a05a7244b38c2f1c5fd05efef3c578ac0d0b97
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df5332bb32cb7e121b5bd5c0968464454e31016e727f90a0c1170197481b10c4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0641A37A90060AAEDB156BE8CC0AF9E7F65BF84364F180519F524E6292DB31DD40C762
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ___std_exception_destroy.LIBVCRUNTIME ref: 0056A190
                                                                                                                                                                                                                          • ___std_exception_destroy.LIBVCRUNTIME ref: 0056A19F
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ___std_exception_destroy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4194217158-0
                                                                                                                                                                                                                          • Opcode ID: 551f664216c5d05cb212ac9b41fc73a7885f7e9a0b2bb53dff4749b33943ebc3
                                                                                                                                                                                                                          • Instruction ID: 5ccac775c8e75e1c5762521247c03979c9270c3c6112f037c011793b80a38b0c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 551f664216c5d05cb212ac9b41fc73a7885f7e9a0b2bb53dff4749b33943ebc3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15315EBA6002414FDE248F64AC8545EBEE1BED33607384E19D896DB291D732ED0DDA93
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 005AF67B: _free.LIBCMT ref: 005AF689
                                                                                                                                                                                                                            • Part of subcall function 005BC7BB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,005BDD41,?,00000000,00000000), ref: 005BC867
                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,?,00000000), ref: 005C22B0
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 005C22B7
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 005C22F6
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 005C22FD
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 167067550-0
                                                                                                                                                                                                                          • Opcode ID: 4968c8c81fbe9e4d38e33c10b050193e183a0ef5491a86c8bd54a8521c3cd47e
                                                                                                                                                                                                                          • Instruction ID: 51651cfce50a6505f4baf7fda0d67202c2be3ce42523a5b52998624b5a28871c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4968c8c81fbe9e4d38e33c10b050193e183a0ef5491a86c8bd54a8521c3cd47e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4521A771500216BFDB20AFA2CC84E6A7F6CFF50364B50891DF82997151D734ED40DBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,005C9AE5,00000000,00000001,00000000,00000000,?,005C51D7,?,6C4A0860,00000000), ref: 005CA304
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,005C9AE5,00000000,00000001,00000000,00000000,?,005C51D7,?,6C4A0860,00000000,?,00000000,?,005C4C6B,00000000), ref: 005CA310
                                                                                                                                                                                                                            • Part of subcall function 005CA361: CloseHandle.KERNEL32(FFFFFFFE,005CA320,?,005C9AE5,00000000,00000001,00000000,00000000,?,005C51D7,?,6C4A0860,00000000,?,00000000), ref: 005CA371
                                                                                                                                                                                                                          • ___initconout.LIBCMT ref: 005CA320
                                                                                                                                                                                                                            • Part of subcall function 005CA342: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,005CA2DE,005C9AD2,00000000,?,005C51D7,?,6C4A0860,00000000,?), ref: 005CA355
                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,005C9AE5,00000000,00000001,00000000,00000000,?,005C51D7,?,6C4A0860,00000000,?), ref: 005CA335
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2744216297-0
                                                                                                                                                                                                                          • Opcode ID: 6f673a280947616f1511ca54791988bb06138f34f7076fa1d5b4c791f649c2e4
                                                                                                                                                                                                                          • Instruction ID: 8faa180b8790bcb1c0ad83d4910fb24b5ad1717ba2c8addd53e7a76c9b784685
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f673a280947616f1511ca54791988bb06138f34f7076fa1d5b4c791f649c2e4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71F01C36401559FFCF221FE5DC08E9D3F66FB697A0B044516FA0995120CA32CC20EB91
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: g`OT$g`OT
                                                                                                                                                                                                                          • API String ID: 0-3929824368
                                                                                                                                                                                                                          • Opcode ID: 45eb4ea32edde8ad7bfefd31c81342ef04ba232b55b4df9b1b7e479af037452e
                                                                                                                                                                                                                          • Instruction ID: 87e1d237204b39849c15518a1e9986bd095e9ab63eb5739e4fe6c7b5527025a9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45eb4ea32edde8ad7bfefd31c81342ef04ba232b55b4df9b1b7e479af037452e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B51077AE016198BCF14CF6C88C45EEBBE2BB89365B560165DC24E7391E6349C898F90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • std::_Xregex_error.LIBCPMT ref: 004AB1BA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Xregex_errorstd::_
                                                                                                                                                                                                                          • String ID: P6?$P6?
                                                                                                                                                                                                                          • API String ID: 3587890882-3910330062
                                                                                                                                                                                                                          • Opcode ID: dae0873950305a3233c43545d888481af2eb96707e20cf607b15196989765148
                                                                                                                                                                                                                          • Instruction ID: 255b08e47282da3d91ef3a4427c3a2e56c8803e2d62da20620c5ed0221ad6f74
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dae0873950305a3233c43545d888481af2eb96707e20cf607b15196989765148
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E31A036748211DFCB18462895A6767B3C2D7F6360F25C42BD89887396E3398C04DACA
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 005BE1F7: GetOEMCP.KERNEL32(00000000,005BE388,005C4741,00000000,00000000,00000000,00000000,?,005C4741), ref: 005BE222
                                                                                                                                                                                                                          • _free.LIBCMT ref: 005BE3E5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                          • String ID: AG\
                                                                                                                                                                                                                          • API String ID: 269201875-1409088248
                                                                                                                                                                                                                          • Opcode ID: d4b365817d9d9559a4b1653f7d5436cca03809d248f020deccf1a61755d31b7a
                                                                                                                                                                                                                          • Instruction ID: dbab22924e59f156fd01c9952139dc964c383a6bfdf63da39eb219c196d3bf22
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4b365817d9d9559a4b1653f7d5436cca03809d248f020deccf1a61755d31b7a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96317E7190024AAFCB01DF58C886ADE7FE5FF84314F19446AF9119B2A1EB32AD50CB61
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 005BB63B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ___except_validate_context_record
                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                          • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                          • Opcode ID: 7b5975251f2821ea003e078193f7f6a1255c0f6af47c42e97ac5572079383e78
                                                                                                                                                                                                                          • Instruction ID: 047b14d81d203928f917c6e08aa0d11a3b843c6cd5191f8ec891cdef57f7e1a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b5975251f2821ea003e078193f7f6a1255c0f6af47c42e97ac5572079383e78
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A31E132400209DFEF269F60C8499FA7F66FF59354B18465AFC540A222CBF2EC61DB91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                          • String ID: 0F]
                                                                                                                                                                                                                          • API String ID: 269201875-1758722376
                                                                                                                                                                                                                          • Opcode ID: 06a474b25e9329ec41c71a0502bddc52c3f595b1cf3d1a8eb1cf4f148915ad35
                                                                                                                                                                                                                          • Instruction ID: 2d8a234ce900556241b6e7afa294e9c4939636bda08da26dae82977b5d09ebf5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06a474b25e9329ec41c71a0502bddc52c3f595b1cf3d1a8eb1cf4f148915ad35
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BFF0F433408251EFE7146AA5AC46FEB3F98FBC1B70F24182EF90C4E1C2DA61180142B5
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetOEMCP.KERNEL32(00000000,005BE388,005C4741,00000000,00000000,00000000,00000000,?,005C4741), ref: 005BE222
                                                                                                                                                                                                                          • GetACP.KERNEL32(00000000,005BE388,005C4741,00000000,00000000,00000000,00000000,?,005C4741), ref: 005BE239
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3429452876.0000000000441000.00000020.00000001.01000000.00000006.sdmp, Offset: 00440000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429428813.0000000000440000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429632088.00000000005CC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429672662.00000000005DE000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429694966.00000000005EB000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          • Associated: 0000000D.00000002.3429737112.00000000005EF000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_440000_anterra.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: AG\
                                                                                                                                                                                                                          • API String ID: 0-1409088248